git.feebdaed.xyz Git - 0xmirror/containerd.git/commit

Fix directory permissions

- Create /var/lib/containerd with 0o700 (was: 0o711).
- Create config.TempDir with 0o700 (was: 0o711).
- Create /run/containerd/io.containerd.grpc.v1.cri with 0o700 (was: 0o755).
- Create /run/containerd/io.containerd.sandbox.controller.v1.shim with 0o700 (was: 0o711).
- Leave /run/containerd and /run/containerd/io.containerd.runtime.v2.task created with 0o711,
  as required by userns-remapped containers.
  /run/containerd/io.containerd.runtime.v2.task/<NS>/<ID> is created with:
  - 0o700 for non-userns-remapped containers
  - 0o710 for userns-remapped containers with the remapped root group as the owner group.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

author	Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
	Mon, 27 Oct 2025 07:42:59 +0000 (16:42 +0900)
committer	Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
	Tue, 4 Nov 2025 07:04:30 +0000 (16:04 +0900)
commit	910171e90ec3a402c6669333483fbec9d0b414d7
tree	a63cd3249bd14d96b345f5fcab1067a0af38fd7f	tree \| snapshot
parent	8bcea1029ad66baa2b9f84b4eef4f7ae219201e4	commit \| diff

cmd/containerd/server/server.go		diff \| blob \| history
core/runtime/v2/task_manager.go		diff \| blob \| history
plugins/cri/runtime/plugin.go		diff \| blob \| history
plugins/sandbox/controller.go		diff \| blob \| history