Update pki_helpers.go #122040
Update pki_helpers.go #122040
Conversation
revoke world-accessible permissions that are unnecessary
|
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
kind/documentation
|
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Sat Nov 25 10:00:10 UTC 2023. |
k8s-ci-robot
added
cncf-cla: yes
|
This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-triage
|
Hi @DeeptanshuDas. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-priority
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: DeeptanshuDas The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
area/kubeadm
sig/cluster-lifecycle
| @@ -218,7 +218,7 @@ func WriteCSR(csrDir, name string, csr *x509.CertificateRequest) error { | |||
| return errors.Wrapf(err, "failed to make directory %s", filepath.Dir(csrPath)) | |||
| } | |||
|
|
|||
| if err := os.WriteFile(csrPath, EncodeCSRPEM(csr), os.FileMode(0600)); err != nil { | |||
| if err := os.WriteFile(csrPath, EncodeCSRPEM(csr), os.FileMode(0600) | os.FileMode(syscall.S_IWUSR)); err != nil { | |||
There was a problem hiding this comment.
revoke world-accessible permissions that are unnecessary to make the file give the written permission to the owner of a file.
the permission used to be 644, but now it's 600.
#81116
600 already means RW only for the owner, which in kubeadm's case is root.
There was a problem hiding this comment.
it make less error than 600
There was a problem hiding this comment.
that's not how IWUSR works.
see this:
package main
import (
"fmt"
"os"
"syscall"
)
func main() {
fmt.Printf("%v\n", os.FileMode(0600))
fmt.Printf("%v\n", os.FileMode(syscall.S_IWUSR)|os.FileMode(syscall.S_IRUSR))
fmt.Printf("%v\n", os.FileMode(0600)|os.FileMode(syscall.S_IWUSR))
}
-rw-------
-rw-------
-rw-------
closing as 600 already fixed the problem.
/close
|
@neolit123: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
revoke world-accessible permissions that are unnecessary
What type of PR is this?
/kind documentation
What this PR does / why we need it:
revoke world-accessible permissions that are unnecessary to make the file give the written permission to the owner of a file.
Which issue(s) this PR fixes:
Fixes #81116