summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2022-01-11 13:51:10 -0500
committerDaniel J Walsh <dwalsh@redhat.com>2022-01-11 16:19:50 -0500
commit83b0fb4696fc9db304365eb16720c26bad93e474 (patch)
treea81b08cd8b843930676082bb0bc796410883fa92 /libpod
parent3404ad042def1c02872f66836feae19c814901a4 (diff)
downloadpodman-83b0fb4696fc9db304365eb16720c26bad93e474.tar.gz
podman-83b0fb4696fc9db304365eb16720c26bad93e474.tar.bz2
podman-83b0fb4696fc9db304365eb16720c26bad93e474.zip
Fix permission on secrets directory
This directory needs to be world searchable so users can access it from different user namespaces. Fixes: https://github.com/containers/podman/issues/12779 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/runtime_ctr.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 2891eb783..53ccb9139 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -429,7 +429,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
}()
ctr.config.SecretsPath = filepath.Join(ctr.config.StaticDir, "secrets")
- err = os.MkdirAll(ctr.config.SecretsPath, 0644)
+ err = os.MkdirAll(ctr.config.SecretsPath, 0755)
if err != nil {
return nil, err
}