Merge pull request #59070 from jaxxstorm/u/jaxxstorm/manifest_perms

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Change manifest file perms to remove execute **What this PR does / why we need it**: Currently, the manifests generated by kubeadm have permission 0700. The kubernetes CIS benchmarks state the perms should be 0644 or better, so this change sets the file permissions to 0600, as they are static files, and don't need to be executable. **Which issue(s) this PR fixes** *: Fixes # https://github.com/kubernetes/kubeadm/issues/678 **Special notes for your reviewer**: None **Release note**: ```release-note NONE ```
2018-01-30 16:06:09 -08:00
parent a18f086220 ff607743a3
commit 8b9aa35d4e
1 changed files with 1 additions and 1 deletions
--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@@ -172,7 +172,7 @@ func WriteStaticPodToDisk(componentName, manifestDir string, pod v1.Pod) error {

 	filename := kubeadmconstants.GetStaticPodFilepath(componentName, manifestDir)

-	if err := ioutil.WriteFile(filename, serialized, 0700); err != nil {
+	if err := ioutil.WriteFile(filename, serialized, 0600); err != nil {
 		return fmt.Errorf("failed to write static pod manifest file for %q (%q): %v", componentName, filename, err)
 	}