From 83b0fb4696fc9db304365eb16720c26bad93e474 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 11 Jan 2022 13:51:10 -0500
Subject: Fix permission on secrets directory

This directory needs to be world searchable so users can access it from
different user namespaces.

Fixes: https://github.com/containers/podman/issues/12779

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/runtime_ctr.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libpod')

diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 2891eb783..53ccb9139 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -429,7 +429,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 	}()
 
 	ctr.config.SecretsPath = filepath.Join(ctr.config.StaticDir, "secrets")
-	err = os.MkdirAll(ctr.config.SecretsPath, 0644)
+	err = os.MkdirAll(ctr.config.SecretsPath, 0755)
 	if err != nil {
 		return nil, err
 	}
-- 
cgit v1.2.3-54-g00ecf