github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

Set umask 0022 when building

Browse Source 
Some binaries now run as non-root (kube-scheduler).  When umask is 0027,
for example, the container image we build has the binary 0750, which is
not executable by the non-root UID.
This commit is contained in:
Tim Hockin 2020-05-05 16:28:43 -07:00
parent 68cbb35ebc
commit dff449ee9e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hack/lib/golang.sh
View File

@ -523,6 +523,10 @@ kube::golang::setup_env() {
# This seems to matter to some tools # This seems to matter to some tools
export GO15VENDOREXPERIMENT=1 export GO15VENDOREXPERIMENT=1
# This is for sanity. Without it, user umasks leak through into release
# artifacts.
umask 0022
} }
# This will take binaries from $GOPATH/bin and copy them to the appropriate # This will take binaries from $GOPATH/bin and copy them to the appropriate