From 3013f4f65d9c2f5ecdb4b36171fd2b2fcd33e8bb Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Mon, 31 Oct 2022 18:39:26 +0000
Subject: [PATCH] Explicitly set permissions to initrd inject file

---
 playbooks/include/deploy-kvm-guest.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/playbooks/include/deploy-kvm-guest.yml b/playbooks/include/deploy-kvm-guest.yml
index fc6209b..2ab1e90 100644
--- a/playbooks/include/deploy-kvm-guest.yml
+++ b/playbooks/include/deploy-kvm-guest.yml
@@ -74,6 +74,9 @@
           echo '{{ root_pubkey }}' > /root/.ssh/authorized_keys
           %end
         dest: "{{ tmpdir.path }}/include.ks"
+        mode: 0600
+        owner: root
+        group: "{{ ansible_wheel }}"
       delegate_to: "{{ vmhost }}"
       when:
         - inventory_hostname not in result.list_vms