-
Bug
-
Resolution: Obsolete
-
Undefined
-
None
-
4.12.z
-
None
-
Moderate
-
No
-
False
-
Description of problem:
All files under path /var/log/kube-apiserver/ should have 600 permission. File /var/log/kube-apiserver/termination.log for kube-apiserver on some nodes have 644 permission. $ for node in `oc get node -l node-role.kubernetes.io/control-plane= --no-headers|awk '{print $1}'`;do oc debug node/$node -- chroot /host ls -l /var/log/kube-apiserver/;done Starting pod/ci-op-scgfhdhd-8bc00-hx58v-master-0copenshift-qeinternal-debug ... To use host binaries, run `chroot /host` total 679876 -rw-------. 1 root root 104856620 Jul 4 10:22 audit-2023-07-04T10-22-14.884.log -rw-------. 1 root root 104857188 Jul 4 10:46 audit-2023-07-04T10-46-14.103.log -rw-------. 1 root root 104856732 Jul 4 11:12 audit-2023-07-04T11-12-58.298.log -rw-------. 1 root root 104856936 Jul 4 11:40 audit-2023-07-04T11-40-47.757.log -rw-------. 1 root root 104856474 Jul 4 12:09 audit-2023-07-04T12-09-23.952.log -rw-------. 1 root root 104856985 Jul 4 12:37 audit-2023-07-04T12-37-24.128.log -rw-------. 1 root root 66682844 Jul 4 12:54 audit.log -rw-r--r--. 1 root root 4 Jul 4 09:54 termination.log Removing debug pod ... Starting pod/ci-op-scgfhdhd-8bc00-hx58v-master-1copenshift-qeinternal-debug ... To use host binaries, run `chroot /host` total 271468 -rw-------. 1 root root 104857317 Jul 4 09:51 audit-2023-07-04T09-51-20.177.log -rw-------. 1 root root 104857001 Jul 4 11:18 audit-2023-07-04T11-18-55.018.log -rw-------. 1 root root 63478136 Jul 4 12:55 audit.log -rw-------. 1 root root 1223621 Jul 4 09:56 termination.log Removing debug pod ... Starting pod/ci-op-scgfhdhd-8bc00-hx58v-master-2copenshift-qeinternal-debug ... To use host binaries, run `chroot /host` total 643012 -rw-------. 1 root root 104856722 Jul 4 10:27 audit-2023-07-04T10-27-06.564.log -rw-------. 1 root root 104856459 Jul 4 10:49 audit-2023-07-04T10-49-34.441.log -rw-------. 1 root root 104856718 Jul 4 11:21 audit-2023-07-04T11-21-38.335.log -rw-------. 1 root root 104856557 Jul 4 11:54 audit-2023-07-04T11-54-08.838.log -rw-------. 1 root root 104856452 Jul 4 12:27 audit-2023-07-04T12-27-56.914.log -rw-------. 1 root root 88373352 Jul 4 12:55 audit.log -rw-r--r--. 1 root root 4 Jul 4 09:52 termination.log Removing debug pod ...
Version-Release number of selected component (if applicable):
4.12.0-0.nightly-2023-06-29-055454
How reproducible:
Always
Steps to Reproduce:
1.$ for node in `oc get node -l node-role.kubernetes.io/control-plane= --no-headers|awk '{print $1}'`;do oc debug node/$node -- chroot /host ls -l /var/log/kube-apiserver/;done 2.
3.
Actual results:
File /var/log/kube-apiserver/termination.log for kube-apiserver on some nodes has 644 permission.
Expected results:
All files under path /var/log/kube-apiserver/ should have 600 permission.
Additional info:
- is cloned by
-
-
- Closed
-
