diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2022-01-11 13:51:10 -0500 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2022-01-11 16:19:50 -0500 |
commit | 83b0fb4696fc9db304365eb16720c26bad93e474 (patch) | |
tree | a81b08cd8b843930676082bb0bc796410883fa92 /libpod | |
parent | 3404ad042def1c02872f66836feae19c814901a4 (diff) | |
download | podman-83b0fb4696fc9db304365eb16720c26bad93e474.tar.gz podman-83b0fb4696fc9db304365eb16720c26bad93e474.tar.bz2 podman-83b0fb4696fc9db304365eb16720c26bad93e474.zip |
Fix permission on secrets directory
This directory needs to be world searchable so users can access it from
different user namespaces.
Fixes: https://github.com/containers/podman/issues/12779
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/runtime_ctr.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 2891eb783..53ccb9139 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -429,7 +429,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai }() ctr.config.SecretsPath = filepath.Join(ctr.config.StaticDir, "secrets") - err = os.MkdirAll(ctr.config.SecretsPath, 0644) + err = os.MkdirAll(ctr.config.SecretsPath, 0755) if err != nil { return nil, err } |