Bug 2105159 - crio umask sometimes set to 0000 [4.8]
Summary: crio umask sometimes set to 0000 [4.8]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.8
Hardware: Unspecified
OS: Unspecified
high
low
Target Milestone: ---
: 4.8.z
Assignee: Sascha Grunert
QA Contact: Sunil Choudhary
URL:
Whiteboard:
Depends On: 2106793
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-07-08 07:03 UTC by Sascha Grunert
Modified: 2022-09-14 20:40 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2040612
Environment:
Last Closed: 2022-09-14 20:38:55 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github cri-o cri-o pull 6039 0 None open [release-1.21] Use a default umask of `0o022` 2022-07-08 07:06:40 UTC
Red Hat Product Errata RHSA-2022:6308 0 None None None 2022-09-14 20:40:08 UTC

Comment 3 Sunil Choudhary 2022-08-30 11:47:19 UTC 
 % oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2022-08-29-151822   True        False         109m    Cluster version is 4.8.0-0.nightly-2022-08-29-151822

% oc get nodes
NAME                                         STATUS   ROLES    AGE    VERSION
ip-10-0-139-26.us-east-2.compute.internal    Ready    worker   128m   v1.21.11+31d53a1
ip-10-0-157-130.us-east-2.compute.internal   Ready    master   132m   v1.21.11+31d53a1
ip-10-0-161-252.us-east-2.compute.internal   Ready    worker   128m   v1.21.11+31d53a1
ip-10-0-170-181.us-east-2.compute.internal   Ready    master   132m   v1.21.11+31d53a1
ip-10-0-197-188.us-east-2.compute.internal   Ready    worker   128m   v1.21.11+31d53a1
ip-10-0-209-248.us-east-2.compute.internal   Ready    master   136m   v1.21.11+31d53a1

% oc debug node/ip-10-0-139-26.us-east-2.compute.internal
Starting pod/ip-10-0-139-26us-east-2computeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.139.26
If you don't see a command prompt, try pressing enter.

sh-4.4# umask
0022

sh-4.4# ps lp $(grep -l "Umask:[[:space:]]0000" /proc/[0-9]*/status | cut -f3 -d/) | grep -v "]$"
F   UID     PID    PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0       1       0  20   0 177092 15572 do_epo Ss   ?          0:35 /usr/lib/systemd/systemd --switched-root --system --deserialize 16
1     0    2048       1  20   0 143820  2456 x64_sy Ssl  ?          0:00 /usr/bin/conmon -b /var/run/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata -c a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223 --exit-dir /var/run/crio/exits -l /var/log/pods/openshift-sdn_sdn-4brq6_9b1ca28d-3492-4a3b-a8e5-8ce7e4f84d68/sdn/0.log --log-level info -n k8s_sdn_sdn-4brq6_openshift-sdn_9b1ca28d-3492-4a3b-a8e5-8ce7e4f84d68_0 -P /var/run/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata/conmon-pidfile -p /var/run/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata/pidfile --persist-dir /var/lib/containers/storage/overlay-containers/a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223/userdata -r /usr/bin/runc --runtime-arg --root=/run/runc --socket-dir-path /var/run/crio -u a4f5c18c419706239cfe0365b570384d9bdf4db3ab5f602e7062d1cb03cf4223 -s
Comment 6 errata-xmlrpc 2022-09-14 20:38:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.8.49 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:6308
Note You need to log in before you can comment on or make changes to this bug.