github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #59070 from jaxxstorm/u/jaxxstorm/manifest_perms 

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Change manifest file perms to remove execute

**What this PR does / why we need it**:

Currently, the manifests generated by kubeadm have permission 0700. The kubernetes CIS benchmarks state the perms should be 0644 or better, so this change sets the file permissions to 0600, as they are static files, and don't need to be executable.

**Which issue(s) this PR fixes** *: Fixes # https://github.com/kubernetes/kubeadm/issues/678

**Special notes for your reviewer**:
None

**Release note**:
```release-note
NONE
```
pull/6/head
Kubernetes Submit Queue 2018-01-30 16:06:09 -08:00 committed by GitHub
parent a18f086220 ff607743a3
commit 8b9aa35d4e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kubeadm/app/util/staticpod/utils.go
View File

@ -172,7 +172,7 @@ func WriteStaticPodToDisk(componentName, manifestDir string, pod v1.Pod) error {
filename := kubeadmconstants.GetStaticPodFilepath(componentName, manifestDir) filename := kubeadmconstants.GetStaticPodFilepath(componentName, manifestDir)
if err := ioutil.WriteFile(filename, serialized, 0700); err != nil { if err := ioutil.WriteFile(filename, serialized, 0600); err != nil {
return fmt.Errorf("failed to write static pod manifest file for %q (%q): %v", componentName, filename, err) return fmt.Errorf("failed to write static pod manifest file for %q (%q): %v", componentName, filename, err)
} }