From b2c84061c9bbd4d659a73aec2d329653d206c1f6 Mon Sep 17 00:00:00 2001
From: Tim Allclair
Date: Fri, 13 Dec 2024 13:11:52 -0800
Subject: [PATCH] Change default filestore permissions to 0700
---
 pkg/kubelet/util/store/filestore.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/pkg/kubelet/util/store/filestore.go b/pkg/kubelet/util/store/filestore.go
index 17c313602ad..2eada9be956 100644
--- a/pkg/kubelet/util/store/filestore.go
+++ b/pkg/kubelet/util/store/filestore.go
@@ -28,6 +28,9 @@ import (
 const (
 // Name prefix for the temporary files.
 tmpPrefix = "."
+
+ // The default permission bits to set on the filestore directory.
+ directoryPerm = 0700
 )
 
 // FileStore is an implementation of the Store interface which stores data in files.
@@ -41,7 +44,7 @@ type FileStore struct {
 
 // NewFileStore returns an instance of FileStore.
 func NewFileStore(path string, fs utilfs.Filesystem) (Store, error) {
- if err := fs.MkdirAll(path, 0755); err != nil {
+ if err := fs.MkdirAll(path, directoryPerm); err != nil {
 return nil, err
 }
 return &FileStore{directoryPath: path, filesystem: fs}, nil
@@ -52,7 +55,7 @@ func (f *FileStore) Write(key string, data []byte) error {
 if err := ValidateKey(key); err != nil {
 return err
 }
- if err := f.filesystem.MkdirAll(f.directoryPath, 0755); err != nil {
+ if err := f.filesystem.MkdirAll(f.directoryPath, directoryPerm); err != nil {
 return err
 }
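Review bot: The `fs.MkdirAll(path, directoryPerm)` call in `NewFileStore` tightens the mode only for directories it actually creates, so a store directory left behind by an earlier version keeps its 0755 bits after an upgrade; the `MkdirAll` call in `Write` has the same gap. This assumes the `utilfs.Filesystem` implementation follows `os.MkdirAll`, which returns nil without touching the mode when the path already exists; that implementation is not visible in this patch. After the `MkdirAll` in `NewFileStore`, consider checking the existing directory's mode and either narrowing it to `directoryPerm` or returning an error if it is broader. At minimum, state the limit next to the constant, for example `// Applied only when the directory is created; an existing directory keeps its current mode.` A test that asserts the resulting mode of a freshly created store would also keep the 0700 default from regressing; the body of `Write` continues past the end of the last hunk.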