Goal

• In an OpenStack deployment using Libvirt's dynamic ownership feature, prevent instance disk files from being world-readable. World-readable instance disk files can be a security concern if an unauthorized actor gets access to the compute host (there are obviously many other security concerns in this scenario, but at least instance disk files won't be trivially accessible).

The current umask when libvirt applies dynamic ownership to instance disk files is unconfigurable, and results in world-readable files. Nova would like a libvirt knob (either in config or directly in the XML) to specificy a custom umask.

Acceptance Criteria

• An instance created by Nova does not have a world-readable disk.