Skip to content

cri: mkdir /etc/cni with 0755, not 0700 #8020

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dmcgowan merged 1 commit into from
Jan 30, 2023
Merged

cri: mkdir /etc/cni with 0755, not 0700 #8020

dmcgowan merged 1 commit into from
Jan 30, 2023
+16 −0

Conversation

@AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda commented Jan 28, 2023

/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too. This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins#693), and its path is hard-coded.

@AkihiroSuda AkihiroSuda added area/cri Container Runtime Interface (CRI) cherry-pick/1.6.x labels Jan 28, 2023
@AkihiroSuda
Copy link
Member Author

AkihiroSuda commented Jan 28, 2023
edited
Loading

(The dir is created on starting the daemon, so it was breaking rootless nerdctl, although nerdctl does not use the CRI API)

@AkihiroSuda
cri: mkdir /etc/cni with 0755, not 0700
b36b415 
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.

Signed-off-by: Akihiro Suda <[email protected]>
fuweid
fuweid approved these changes Jan 29, 2023
View reviewed changes
estesp
estesp approved these changes Jan 30, 2023
View reviewed changes
Copy link
Member

@estesp estesp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dmcgowan dmcgowan merged commit ee0e22f into containerd:main Jan 30, 2023
@AkihiroSuda AkihiroSuda mentioned this pull request Jan 30, 2023
Merged
@AkihiroSuda AkihiroSuda added cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch and removed cherry-pick/1.6.x labels Jan 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmcgowan dmcgowan dmcgowan approved these changes

@estesp estesp estesp approved these changes

@fuweid fuweid fuweid approved these changes

Assignees

No one assigned

Labels

area/cri Container Runtime Interface (CRI) cherry-picked/1.6.x PR commits are cherry-picked into release/1.6 branch impact/changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AkihiroSuda @dmcgowan @estesp @fuweid