kubernetes

mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 03:11:40 +00:00

History

Tero Saarni 96306f144a Set permissions on volume before publishing update This change fixes a race condition that was caused by setting the file owner, group and mode non-atomically, after the updated files had been published. Users who were running non-root containers, without GID 0 permissions, and had removed read permissions from other users by setting defaultMode: 0440 or similar, were getting intermittent permission denied errors when accessing files on secret or configmap volumes or service account tokens on projected volumes during update.	2022-12-24 07:59:41 +02:00
..
projected_test.go	unittests: Fixes unit tests for Windows (part 2)	2022-08-01 18:56:32 +03:00
projected.go	Set permissions on volume before publishing update	2022-12-24 07:59:41 +02:00

Tero Saarni 96306f144a Set permissions on volume before publishing update

This change fixes a race condition that was caused by setting the file owner,
group and mode non-atomically, after the updated files had been published.

Users who were running non-root containers, without GID 0 permissions, and
had removed read permissions from other users by setting defaultMode: 0440 or
similar, were getting intermittent permission denied errors when accessing
files on secret or configmap volumes or service account tokens on projected
volumes during update.

2022-12-24 07:59:41 +02:00

projected_test.go

unittests: Fixes unit tests for Windows (part 2)

2022-08-01 18:56:32 +03:00

projected.go

Set permissions on volume before publishing update

2022-12-24 07:59:41 +02:00