OpenShift Bugs: OCPBUGS-22932

The file permissions of /var/run/multus/cni/net.d/*.conf on nodes should be updated to 600 to conform with CIS benchmarks


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Normal
    • Versions: 4.13.z, 4.14.0
    • Component: Networking / multus

      This is a clone of issue OCPBUGS-16790. The following is the description of the original issue:

      Description of problem:

       

      Observation from the CIS v1.4 benchmark PDF:
      1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive
      "Container Network Interface provides various networking options for overlay networking.
      You should consult their documentation and restrict their respective file permissions to maintain the integrity of those files. Those files should be writable by only the administrators on the system."

      To conform with the CIS benchmark, the /var/run/multus/cni/net.d/*.conf files on nodes should be changed to 600.
      
      $ for i in $(oc get pods -n openshift-multus -l app=multus -oname); do oc exec -n openshift-multus $i -- /bin/bash -c "stat -c \"%a %n\" /host/var/run/multus/cni/net.d/*.conf"; done
      644 /host/var/run/multus/cni/net.d/80-openshift-network.conf
      644 /host/var/run/multus/cni/net.d/80-openshift-network.conf
      644 /host/var/run/multus/cni/net.d/80-openshift-network.conf
      644 /host/var/run/multus/cni/net.d/80-openshift-network.conf
      644 /host/var/run/multus/cni/net.d/80-openshift-network.conf
      644 /host/var/run/multus/cni/net.d/80-openshift-network.conf
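
      The following is an added example, not code from this ticket or from the multus project. It turns the CIS 1.1.9 rule behind the command above into a reusable POSIX shell check plus a remediation: `cis_1_1_9_check` lists every CNI config in a directory whose mode grants anything to group or other and returns non-zero if one exists, and `cis_1_1_9_fix` tightens those files to 0600. It assumes GNU stat(1) with `-c` (the same dependency as the ticket's own command), and the function names, the inclusion of `*.conflist` files and the directory argument are assumptions of this example rather than anything OpenShift ships.

```sh
#!/bin/sh
# Added example, not code from the ticket or from the multus project:
# an offline audit and remediation for CIS 1.1.9 (CNI config files must be
# 600 or more restrictive). Assumes POSIX sh and GNU stat(1) with -c, which
# the ticket's own oc exec command also relies on. The function names, the
# inclusion of *.conflist files and the directory argument are assumptions
# of this example, not anything multus or OpenShift ships.

# Return 0 if an octal mode string from `stat -c %a` (e.g. 644, 600, 4600, 0)
# grants no permission at all to group or other, i.e. is 600 or stricter.
# Only the last two digits matter; a leading setuid/setgid/sticky digit is
# not what this control is about.
mode_is_600_or_stricter() {
    case "$1" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Usage: cis_1_1_9_check DIR
# Print "<mode> <path>" for every CNI config under DIR that is looser than
# 600 and return 1 if any such file exists, 0 when the directory passes.
cis_1_1_9_check() {
    rc=0
    for f in "$1"/*.conf "$1"/*.conflist; do
        [ -f "$f" ] || continue            # an unmatched glob stays literal
        mode=$(stat -c '%a' "$f")
        if ! mode_is_600_or_stricter "$mode"; then
            printf '%s %s\n' "$mode" "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: cis_1_1_9_fix DIR
# Tighten every offending file reported by cis_1_1_9_check to 0600.
cis_1_1_9_fix() {
    cis_1_1_9_check "$1" | while read -r mode path; do
        chmod 600 "$path"
    done
}

# When run as a script with a directory argument, audit it and exit with the
# check's status. That lets the ticket's per-pod loop run it on every node:
#   oc exec -i -n openshift-multus "$pod" -- /bin/sh -s \
#       /host/var/run/multus/cni/net.d < cis_1_1_9.sh
if [ -n "${1-}" ]; then
    cis_1_1_9_check "$1"
    exit $?
fi
```

      Note that /var/run is normally a tmpfs and the file is rewritten by the multus daemon, so chmod on a node is only a stopgap until the next reboot or rewrite; the durable fix is for the writer to create the file with mode 0600 in the first place.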
      

      Version-Release number of selected component (if applicable):

      4.14.0-0.nightly-2023-07-20-215234

      How reproducible:

       

      Steps to Reproduce:

      1.
      2.
      3.
      

      Actual results:

      The file permissions of /var/run/multus/cni/net.d/*.conf on nodes are 644.

      Expected results:

      The file permissions of /var/run/multus/cni/net.d/*.conf on nodes should be updated to 600
      

      Additional info:

       

            Douglas Smith (dosmith)
            OpenShift Prow Bot (openshift-crt-jira-prow)
            Weibin Liang