Skip to content

Commit

Permalink
fix(executor): emissary - make /var/run/argo files readable from non-…
Browse files Browse the repository at this point in the history 
…root users. Fixes #6238 (#6304)

Signed-off-by: Yuan Gong <gongyuan94@gmail.com>
  • Loading branch information
@Bobgy
Bobgy authored Jul 8, 2021
1 parent c9246d3 commit c115849
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions workflow/executor/emissary/emissary.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ func (e emissary) writeTemplate(t wfv1.Template) error {
if err != nil {
return err
}
return ioutil.WriteFile("/var/run/argo/template", data, 0o400) // chmod -r--------
return ioutil.WriteFile("/var/run/argo/template", data, 0o444) // chmod -r--r--r--
}

func (e emissary) GetFileContents(_ string, sourcePath string) (string, error) {
Expand Down Expand Up @@ -137,7 +137,7 @@ func (e emissary) isComplete(containerNames []string) bool {

func (e emissary) Kill(ctx context.Context, containerNames []string, terminationGracePeriodDuration time.Duration) error {
for _, containerName := range containerNames {
if err := ioutil.WriteFile("/var/run/argo/ctr/"+containerName+"/signal", []byte(strconv.Itoa(int(syscall.SIGTERM))), 0o600); err != nil {
if err := ioutil.WriteFile("/var/run/argo/ctr/"+containerName+"/signal", []byte(strconv.Itoa(int(syscall.SIGTERM))), 0o644); err != nil {
return err
}
}
Expand All @@ -148,7 +148,7 @@ func (e emissary) Kill(ctx context.Context, containerNames []string, termination
return err
}
for _, containerName := range containerNames {
if err := ioutil.WriteFile("/var/run/argo/ctr/"+containerName+"/signal", []byte(strconv.Itoa(int(syscall.SIGKILL))), 0o600); err != nil {
if err := ioutil.WriteFile("/var/run/argo/ctr/"+containerName+"/signal", []byte(strconv.Itoa(int(syscall.SIGKILL))), 0o644); err != nil {
return err
}
}
Expand Down

0 comments on commit c115849

Please sign in to comment.