Bug 2063324 - MCO template output directories created with wrong mode causing render failure in unprivileged container environments
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.11
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: ---
Target Release: 4.11.0
Assignee: Yu Qi Zhang
QA Contact: Rio Liu
URL:
Whiteboard:
Depends On:
Blocks: 2063326
 
Reported: 2022-03-11 19:30 UTC by Dan Mace
Modified: 2022-08-10 10:54 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-10 10:54:04 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 3011 0 None Merged Bug 2063324: Ensure directories are created with usable permission bits 2022-03-14 20:08:24 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:54:22 UTC

Description Dan Mace 2022-03-11 19:30:29 UTC
Description of problem:

While integrating with HyperShift which executes MCO binaries in unprivileged containers, I discovered the MCO template execution is creating a parent output directory with mode 0655, which causes rendering to fail because subdirectories and files can't be created within that parent due to the missing executable bit for the owner.

Version-Release number of MCO (Machine Config Operator) (if applicable): 4.11

Platform (AWS, VSphere, Metal, etc.): All

Are you certain that the root cause of the issue being reported is the MCO (Machine Config Operator)?
(Y/N/Not sure): Yes

Steps to Reproduce:

Run `machine-config-operator bootstrap ... --dest-dir=/output`.

Actual results:

Resulting destination directory has mode `drw-r-xr-x`.

Expected results:

Destination directory should have mode `drwxr-xr-x`.
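
The failure described in this report can be reproduced outside the MCO with the following Go program, which is an added example and not code from the machine-config-operator or from the reporter. The function names (`ownerCanPopulate`, `makeDir`, `populate`) and the directory names are hypothetical; the two modes, 0655 and 0755, are the ones given above.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// ownerCanPopulate reports whether a directory's owner may create entries in
// it: that needs both the write (0200) and search/execute (0100) bits.
func ownerCanPopulate(mode os.FileMode) bool {
	return mode.IsDir() && mode.Perm()&0300 == 0300
}

// makeDir creates dir and chmods it to exactly perm, so the result does not
// depend on the process umask. It returns the mode read back from disk.
func makeDir(dir string, perm os.FileMode) (os.FileMode, error) {
	if err := os.Mkdir(dir, perm); err != nil {
		return 0, err
	}
	if err := os.Chmod(dir, perm); err != nil {
		return 0, err
	}
	info, err := os.Stat(dir)
	if err != nil {
		return 0, err
	}
	return info.Mode(), nil
}

// populate mimics a renderer creating nested output directories under dir.
func populate(dir string) error {
	return os.MkdirAll(filepath.Join(dir, "templates", "master"), 0755)
}

func main() {
	root, err := os.MkdirTemp("", "destdir-demo") // constructed scratch location
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	for _, perm := range []os.FileMode{0655, 0755} {
		dir := filepath.Join(root, fmt.Sprintf("out-%o", uint32(perm)))
		mode, err := makeDir(dir, perm)
		fmt.Printf("%s usable=%v mkdir err=%v populate err=%v\n", mode, ownerCanPopulate(mode), err, populate(dir))
	}
}
```

Run as an unprivileged user, `populate` returns a permission error for the 0655 directory and succeeds for 0755. Run as root, both succeed because root bypasses the directory permission check, so the static `ownerCanPopulate` check is the one to rely on in tests.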

Comment 4 Dan Mace 2022-03-15 12:49:21 UTC
I can verify that the merged fix resolves the issues we were having in HyperShift.

Comment 5 Dan Mace 2022-03-15 12:49:47 UTC
To be clear, I DID verify that the merged fix resolves the issues we were having in HyperShift.

Comment 8 errata-xmlrpc 2022-08-10 10:54:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

