Bug 2105159

Summary: crio umask sometimes set to 0000 [4.8]
Product: OpenShift Container Platform Reporter: Sascha Grunert <sgrunert>
Component: NodeAssignee: Sascha Grunert <sgrunert>
Node sub component: CRI-O QA Contact: Sunil Choudhary <schoudha>
Status: CLOSED ERRATA Docs Contact:
Severity: low    
Priority: high CC: abraj, apaladug, bgilbert, bshaw, dpateriy, hyupark, mgokhool, nagrawal, openshift-bugs-escalate, schoudha, sgrunert, suc, travier, vsolanki
Version: 4.8   
Target Milestone: ---   
Target Release: 4.8.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2040612 Environment:
Last Closed: 2022-09-14 20:38:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2106793    
Bug Blocks:    

Comment 3 Sunil Choudhary 2022-08-30 11:47:19 UTC 
 % oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2022-08-29-151822   True        False         109m    Cluster version is 4.8.0-0.nightly-2022-08-29-151822

% oc get nodes
NAME                                         STATUS   ROLES    AGE    VERSION
ip-10-0-139-26.us-east-2.compute.internal    Ready    worker   128m   v1.21.11+31d53a1
ip-10-0-157-130.us-east-2.compute.internal   Ready    master   132m   v1.21.11+31d53a1
ip-10-0-161-252.us-east-2.compute.internal   Ready    worker   128m   v1.21.11+31d53a1
ip-10-0-170-181.us-east-2.compute.internal   Ready    master   132m   v1.21.11+31d53a1
ip-10-0-197-188.us-east-2.compute.internal   Ready    worker   128m   v1.21.11+31d53a1
ip-10-0-209-248.us-east-2.compute.internal   Ready    master   136m   v1.21.11+31d53a1

% oc debug node/ip-10-0-139-26.us-east-2.compute.internal
Starting pod/ip-10-0-139-26us-east-2computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.139.26
If you don't see a command prompt, try pressing enter.

sh-4.4# umask
0022

sh-4.4# ps lp $(grep -l "Umask:[[:space:]]0000" /proc/[0-9]*/status | cut -f3 -d/) | grep -v "]$"
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0       1       0  20   0 177092 15572 do_epo Ss   ?          0:35 /usr/lib/systemd/systemd --switched-root --system --deserialize 16
1     0    2048       1  20   0 143820  2456 x64_sy Ssl  ?          0:00 /usr/bin/conmon -b /var/run/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata -c a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223 --exit-dir /var/run/crio/exits -l /var/log/pods/openshift-sdn_sdn-4brq6_9b1ca28d-3492-4a3b-a8e5-8ce7e4f84d68/sdn/0.log --log-level info -n k8s_sdn_sdn-4brq6_openshift-sdn_9b1ca28d-3492-4a3b-a8e5-8ce7e4f84d68_0 -P /var/run/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata/conmon-pidfile -p /var/run/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata/pidfile --persist-dir /var/lib/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata -r /usr/bin/runc --runtime-arg --root=/run/runc --socket-dir-path /var/run/crio -u a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223 -s
Comment 6 errata-xmlrpc 2022-09-14 20:38:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.8.49 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6308