shim: Create pid-file with 0644 permissions #9571
Hi @Dzejrou. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
This is confusing, as the commit does not exist in the upstream
original PR was backported to 1.6 as well, so we'll also need a cherry pick for the 1.6 branch
This is a result of me following Samuel's recommendation at #9548 (comment), would you like me to amend the message to leave this bit out? (I'm sorry about all this confusion, I'm not used to contributing to multiple maintained branches.)
The main PR has to be merged first, and then the commit should be cherry-picked to the v1.7 branch.
Fixes ae70213
In ae70213 the WritePidFile and WriteAddress functions were changed to use AtomicFile instead of os.CreateFile. However, AtomicFile creates a temporary file and then changes its permissions with os.Chmod which alters the previously observed behavior of os.CreateFile which takes the system's umask into account.
This means that on Linux-based systems these files suddenly became world writable (containerd#9363). The address file has since been removed, but pid-file was still created as world writable. This commit explicitly requests 0644 permissions as even on systems without default umask of 0022 there is no reason to have these two files world writable.
Signed-off-by: Jaroslav Jindrak <dzejrou@gmail.com>
Thank you for the clarification, hopefully I did it correctly this time:
Fixes ae70213
In ae70213 the WritePidFile and WriteAddress functions were changed to use AtomicFile instead of os.CreateFile. However, AtomicFile creates a temporary file and then changes its permissions with os.Chmod which alters the previously observed behavior of os.CreateFile which takes the system's umask into account.
This means that on Linux-based systems these files suddenly became world writable (#9363). The address file has since been removed, but pid-file was still created as world writable. This commit explicitly requests 0644 permissions as even on systems without default umask of 0022 there is no reason to have these two files world writable.
(cherry picked from commit 088d5cf)
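
The umask difference described in the commit message can be reproduced with the Go standard library alone. This is an added example, not code from the PR or from containerd: `createViaTempChmod` is a hypothetical stand-in for a temp file + `os.Chmod` + rename writer, the direct path uses `os.WriteFile`, and the file names and pid value are constructed. It assumes a Unix-like system where `syscall.Umask` is available.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// createDirect lets the kernel create the file (os.WriteFile opens it with
// O_CREATE and perm), so the process umask is masked out of perm.
func createDirect(path string, perm os.FileMode) error {
	return os.WriteFile(path, []byte("1234\n"), perm) // constructed pid value
}

// createViaTempChmod (hypothetical helper): chmod(2) sets perm exactly and
// ignores the umask, so the renamed file keeps every requested bit.
func createViaTempChmod(path string, perm os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".tmp-*")
	if err != nil {
		return err
	}
	tmp.Close()
	if err := os.Chmod(tmp.Name(), perm); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// compare returns the permission bits both methods produce under umask 0022.
func compare(perm os.FileMode) (direct, viaChmod os.FileMode, err error) {
	defer syscall.Umask(syscall.Umask(0o022)) // set 0022 now, restore on return
	dir, err := os.MkdirTemp("", "pidfile-demo")
	if err != nil {
		return 0, 0, err
	}
	defer os.RemoveAll(dir)
	a, b := filepath.Join(dir, "direct.pid"), filepath.Join(dir, "chmod.pid")
	if err = createDirect(a, perm); err == nil {
		err = createViaTempChmod(b, perm)
	}
	if err != nil {
		return 0, 0, err
	}
	sa, _ := os.Stat(a)
	sb, _ := os.Stat(b)
	return sa.Mode().Perm(), sb.Mode().Perm(), nil
}

func main() {
	d, c, err := compare(0o666)
	fmt.Printf("requested 0666: direct=%04o temp+chmod=%04o err=%v\n", d, c, err)
}
```

Requesting 0644 yields the same mode from both paths, which is why asking for that mode explicitly removes the dependence on the umask.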