Description of problem: Refer to https://bugzilla.redhat.com/show_bug.cgi?id=1791534 The openshift4/ose-baremetal-installer-rhel8 container was also discovered to suffer from the same problem. Version-Release number of selected component (if applicable): latest / v4.6 / v4.6.0-202011181111.p0 How reproducible: Always Steps to Reproduce: $ podman save openshift4/ose-baremetal-installer-rhel8 | tar -xvf - ... $ tar vtf 3e1bc69229c4f2c3c631d68524091f7f2452e5f3fb86b3f9967e201785051d23.tar | grep etc/passwd -rw-rw-r-- 0/0 765 2020-11-18 08:55 etc/passwd -rw-r--r-- 0/0 703 2020-10-30 06:09 etc/passwd- Actual results: We see: -rw-rw-r-- Expected results: Expect to see: -rw-r--r-- Additional info:
Copying the reference link here for visibility - https://access.redhat.com/articles/4859371 contains details of using nss_wrapper to work around changing permissions on /etc/passwd
I don't see any relevant code in baremetal-operator, and the bug description only mentions openshift-installer, so moving the bug there for further triaging.
Verified this on registry.ci.openshift.org/ocp/release:4.13.0-0.ci-2023-02-22-062403. For image baremetal-installer sha256:e19f171ac3955654150db6a2bc8233c4bf46dbcc4831c529023095c9c1fa6825 [root@preserve-gpei-worker test]# tar vtf 11eb2df7eab8707909716903be89831d7b276eacefe92d5e833e001ab44d44aa.tar| grep etc/passwd -rw-r--r-- 0/0 829 2023-02-21 20:23 etc/passwd -rw-r--r-- 0/0 767 2022-09-06 13:22 etc/passwd-
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.13.0 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:1326