[release/1.6] cri: mkdir /etc/cni with 0755, not 0700#8030
Merged
estesp merged 1 commit intocontainerd:release/1.6from Jan 30, 2023
Merged
[release/1.6] cri: mkdir /etc/cni with 0755, not 0700#8030estesp merged 1 commit intocontainerd:release/1.6from
estesp merged 1 commit intocontainerd:release/1.6from
Conversation
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too. This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded. Signed-off-by: Akihiro Suda <[email protected]> (cherry picked from commit b36b415) (cherry pick was not clean, as the sbserver is missing in the release/1.6 branch) Signed-off-by: Akihiro Suda <[email protected]>
dmcgowan
approved these changes
Jan 30, 2023
Mengkzhaoyun
pushed a commit
to open-beagle/containerd
that referenced
this pull request
Feb 13, 2023
containerd 1.6.17 Welcome to the v1.6.17 release of containerd! The seventeenth patch release for containerd 1.6 includes various updates. * **Add network plugin metrics** ([#8018](containerd/containerd#8018)) * **Update mkdir permission on /etc/cni to 0755 instead of 0700** ([#8030](containerd/containerd#8030)) * **Export remote snapshotter label handler** ([#8054](containerd/containerd#8054)) * **Add support for default hosts.toml configuration** ([#8065](containerd/containerd#8065)) See the changelog for complete list of changes Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues. * Derek McGowan * Akihiro Suda * Jess * Antonio Ojea * Kohei Tokunaga * Phil Estes * Wei Fu <details><summary>11 commits</summary> <p> * [release/1.6] Prepare release notes for v1.6.17 ([#8080](containerd/containerd#8080)) * [`a1aa9b900`](containerd/containerd@a1aa9b9) Prepare release notes for v1.6.17 * [1.6] Backport default registry hosts config ([#8065](containerd/containerd#8065)) * [`1436641b8`](containerd/containerd@1436641) Support default hosts.toml configuration * [`87acecd04`](containerd/containerd@87acecd) Update hosts doc * [release/1.6 backport] Export remote snapshotter label handler ([#8054](containerd/containerd#8054)) * [`a6544ed7d`](containerd/containerd@a6544ed) Export remote snapshotter label handler * [release/1.6] cri: mkdir /etc/cni with 0755, not 0700 ([#8030](containerd/containerd#8030)) * [`ae02a24a3`](containerd/containerd@ae02a24) cri: mkdir /etc/cni with 0755, not 0700 * [release/1.6] add network plugin metrics ([#8018](containerd/containerd#8018)) * [`6c6cc5ec1`](containerd/containerd@6c6cc5e) add network plugin metrics </p> </details> This release has no dependency changes Previous release can be found at [v1.6.16](https://github.com/containerd/containerd/releases/tag/v1.6.16)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-pick:
(cherry pick was not clean, as the
sbserveris missing in therelease/1.6branch)/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too. This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.