Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fluentd config file permissions are too broad #365

Open
Boojapho opened this issue May 25, 2023 · 1 comment · May be fixed by #366
Open

Fluentd config file permissions are too broad #365

Boojapho opened this issue May 25, 2023 · 1 comment · May be fixed by #366

Comments

@Boojapho
Copy link
Contributor

In fluentd, volume mounts for configuration files (e.g. fluent.conf, configMapConfigs, fileConfigs) set the default mode to 0777. Kubernetes restricts configmaps to read-only, so it actually gets mounted at 0555. There is no reason to have the executable permission set on these files.

The default mode should be changed to 0444.
@Boojapho
Copy link
Contributor Author

The default for defaultmode is 0644. Since configmaps are read-only anyways, there would be an effective permission of 0444. So, I suggest we just remove the defaultmode completely and let the default take effect.

@Boojapho Boojapho linked a pull request May 25, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(fluentd): reduce permissions on configmap volumes Boojapho/fluent-helm-charts
1 participant
@Boojapho