OCPBUGS-3160 (OpenShift Bugs)

In some directories (under /run/containers/storage/overlay-containers/) on two of the Infra nodes, permissions are rw for other user


    • Bug
    • Resolution: Done
    • Major
    • 4.13.0
    • 4.10.0
    • Node / CRI-O
    • None
    • Critical
    • Rejected
    • False

      Description of problem:

      In some directories (under /run/containers/storage/overlay-containers/) on two of the Infra nodes, permissions are rw for other user.

      ~~~

        # cat config.json  | grep pod.name
                        "io.kubernetes.cri-o.Labels": "{\"io.kubernetes.container.name\":\"alertmanager-proxy\",\"io.kubernetes.pod.name\":\"alertmanager-main-0\",\"io.kubernetes.pod.namespace\":\"openshift-monitoring\",\"io.kubernetes.pod.uid\":\"75f52807-a249-4ac4-bb18-343ecee27bc3\"}",
                        "io.kubernetes.pod.name": "alertmanager-main-0",
                        "io.kubernetes.pod.namespace": "openshift-monitoring",
        [root@abc userdata]# cat config.json  | grep -i mountpoint
                        "io.kubernetes.cri-o.MountPoint": "/var/lib/containers/storage/overlay/a32134ee46778cebd484b9499780b3270d8987ac16fc430998c1991daa2b7e38/merged",
        [root@abc userdata]# pwd
        /run/containers/storage/overlay-containers/fe13ec7df50c81bb3eefaca195222a0afbed5140aa6f0982220b62f30ce79f85/userdata
        [root@abc userdata]# ll
        total 28
        srwx------. 1 root root     0 Aug  4 09:17 attach
        -rw-rw-rw-. 1 root root 16923 Aug  4 09:17 config.json
        -rw-rw-rw-. 1 root root     7 Aug  4 09:17 conmon-pidfile
        prw-rw-rw-. 1 root root     0 Aug  4 09:17 ctl
        -rw-rw-rw-. 1 root root     7 Aug  4 09:17 pidfile
        drwxr-xr-x. 3 root root    60 Aug  4 09:17 run
        prw-rw-rw-. 1 root root     0 Aug  4 09:17 winsz
        ~~~
        The customer asks:
        + Is it a pre-requisite on those files? When I checked on my test cluster, can't see those permissions:
        ~~~
        # ll /run/containers/storage/overlay-containers/32a2787a3d5f965db50f9aac18365519e170862e0ff94bca4ff4dec2469f75be/userdata/
        total 20
        -rw-r--r--. 1 root root   5 Oct 18 19:35 conmon.pid
        -rw-r--r--. 1 root root  12 Oct 18 19:35 hostname
        -rw-r--r--. 1 root root 182 Oct 18 19:35 hosts
        -rw-r--r--. 1 root root   0 Oct 18 19:35 oci-log
        -rw-r--r--. 1 root root   5 Oct 18 19:35 pidfile
        -rw-r--r--. 1 root root 101 Oct 18 19:35 resolv.conf
        ~~~
        Is it normal or do we need to check something here?

       

      Version-Release number of selected component (if applicable):

      4.10.14


            pehunt@redhat.com Peter Hunt
            rhn-support-gakendre Gaurav Kendre
            Sunil Choudhary Sunil Choudhary
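
An added example (not part of the original report and not CRI-O code): a POSIX shell audit that lists every entry under the overlay-containers run directory whose mode grants write to "other", tagged with the pod name and namespace read from that container's config.json. It assumes config.json carries one annotation per line, as in the grep output in the description; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the default path is the
# directory named in the report.
ROOT_DEFAULT=/run/containers/storage/overlay-containers

# Read one string annotation (e.g. io.kubernetes.pod.name) from a config.json.
# Assumes one annotation per line, as in the grep output in the report.
annotation() {  # $1 = path to config.json, $2 = annotation key
    sed -n "s/^[[:space:]]*\"$2\": \"\([^\"]*\)\".*/\1/p" "$1" 2>/dev/null |
        head -n 1
}

# Print "<namespace>/<pod> <container-id> <relative path>" for every entry
# below <root>/<container-id> whose mode grants write to "other" (bit 0002).
# Regular files, FIFOs, sockets and directories are all reported; symlinks
# are skipped because their own mode bits are not what the kernel checks.
audit_world_writable() {
    root=${1:-$ROOT_DEFAULT}
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        id=$(basename "$dir")
        cfg="$dir/userdata/config.json"
        pod=$(annotation "$cfg" io.kubernetes.pod.name)
        ns=$(annotation "$cfg" io.kubernetes.pod.namespace)
        find "$dir" ! -type l -perm -0002 -print 2>/dev/null |
            while IFS= read -r path; do
                printf '%s/%s %s %s\n' "${ns:-?}" "${pod:-?}" "$id" "${path#"$dir"/}"
            done
    done
}

# Number of world-writable entries found, for use in a compliance check.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}
```

Run `audit_world_writable` as root on each node and compare the output between nodes; containers whose config.json cannot be read are reported with `?` in place of the namespace and pod name.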