-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update pki_helpers.go #122040
Update pki_helpers.go #122040
Conversation
revoke world-accessible permissions that are unnecessary
Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Please note that we're already in Test Freeze for the Fast forwards are scheduled to happen every 6 hours, whereas the most recent run was: Sat Nov 25 10:00:10 UTC 2023. |
This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Hi @DeeptanshuDas. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: DeeptanshuDas The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -218,7 +218,7 @@ func WriteCSR(csrDir, name string, csr *x509.CertificateRequest) error { | |||
return errors.Wrapf(err, "failed to make directory %s", filepath.Dir(csrPath)) | |||
} | |||
|
|||
if err := os.WriteFile(csrPath, EncodeCSRPEM(csr), os.FileMode(0600)); err != nil { | |||
if err := os.WriteFile(csrPath, EncodeCSRPEM(csr), os.FileMode(0600) | os.FileMode(syscall.S_IWUSR)); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
revoke world-accessible permissions that are unnecessary to make the file give the written permission to the owner of a file.
the permission used to be 644, but now it's 600.
#81116
600 already means RW only for the owner, which in kubeadm's case is root.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it make less error than 600
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's not how IWUSR works.
see this:
package main
import (
"fmt"
"os"
"syscall"
)
func main() {
fmt.Printf("%v\n", os.FileMode(0600))
fmt.Printf("%v\n", os.FileMode(syscall.S_IWUSR)|os.FileMode(syscall.S_IRUSR))
fmt.Printf("%v\n", os.FileMode(0600)|os.FileMode(syscall.S_IWUSR))
}
-rw-------
-rw-------
-rw-------
closing as 600 already fixed the problem.
/close
@neolit123: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
revoke world-accessible permissions that are unnecessary
What type of PR is this?
/kind documentation
What this PR does / why we need it:
revoke world-accessible permissions that are unnecessary to make the file give the written permission to the owner of a file.
Which issue(s) this PR fixes:
Fixes #81116