kubernetes / git-sync

A sidecar app which clones a git repo and keeps it in sync with the upstream.
Apache License 2.0

v4.0.0-rc4 error with permission denied in /tmp #793

Closed ventrebd closed 11 months ago

ventrebd commented 11 months ago

Attempted to upgrade from v4.0.0-rc3 to v4.0.0-rc4 today. Immediately receive an error about "permission denied" when creating "/tmp/git-sync.gitconfig.RANDOM_NUMBERS". When running as a sidecar container (with grafana), the user is NOT git-sync but rather 472 due to securityContext settings in the helm chart (the grafana user).

rc3 permissions (note sticky bit on /tmp):

$ ls -al /tmp
total 8
drwxrwxrwt 2 root root 4096 Aug  3  2017 .
drwxr-xr-x 1 root root 4096 Jul 31 14:26 ..
$ ls -al /git
total 8
drwxrwsr-x 2 git-sync git-sync 4096 Jul  7 03:12 .
drwxr-xr-x 1 root     root     4096 Jul 31 14:33 ..

rc4 permissions (/tmp owned by git-sync user):

$ ls -al /tmp
total 8
drwxr-xr-x 2 git-sync git-sync 4096 Jul 30 00:06 .
drwxr-xr-x 1 root     root     4096 Jul 31 14:27 ..
$ ls -al /git
total 8
drwxrwsr-x 2 git-sync git-sync 4096 Jul 28 19:51 .
drwxr-xr-x 1 root     root     4096 Jul 31 14:42 ..

I'm planning to work around this by messing with security contexts, but wanted to make you aware.
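The permission change reported above, worked through as an added example (not part of the original post and not git-sync code): it applies the Unix owner/group/other check to the two /tmp listings to show why UID 472 can create files under rc3 but not under rc4. The numeric git-sync UID/GID and the GID 472 are constructed assumptions; the page gives only the user name git-sync and UID 472.

```python
import os
import stat

def can_create_in(mode, owner_uid, owner_gid, uid, gids):
    """Mirror the kernel's DAC check for creating a file in a directory.

    Exactly one permission class applies (owner, else group, else other),
    and creating an entry needs both the write and search (execute) bits.
    Root and capabilities such as CAP_DAC_OVERRIDE are not modelled.
    """
    if uid == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif owner_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

def audit_tmp(mode, owner_uid, owner_gid, uid, gids):
    """Return findings for a temp directory that arbitrary UIDs must use."""
    findings = []
    if not can_create_in(mode, owner_uid, owner_gid, uid, gids):
        findings.append("uid %d cannot create files" % uid)
    # A world-writable directory without the sticky bit lets any user
    # delete or replace other users' temp files.
    if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
        findings.append("world-writable without sticky bit")
    return findings

def audit_path(path, uid, gids):
    """Run the same audit against a real directory's stat() result."""
    st = os.stat(path)
    return audit_tmp(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids)

# Constructed from the two listings in the report: (mode, owner uid, owner gid).
GIT_SYNC_UID = GIT_SYNC_GID = 65533           # placeholder, not from the page
RC3_TMP = (0o1777, 0, 0)                      # drwxrwxrwt root root
RC4_TMP = (0o755, GIT_SYNC_UID, GIT_SYNC_GID) # drwxr-xr-x git-sync git-sync
GRAFANA = (472, {472})                        # uid from the page; gid assumed

if __name__ == "__main__":
    for name, tmp in (("rc3", RC3_TMP), ("rc4", RC4_TMP)):
        print(name, audit_tmp(*tmp, *GRAFANA) or "ok")
    me = (os.getuid(), set(os.getgroups()) | {os.getegid()})
    print("local /tmp:", audit_path("/tmp", *me) or "ok")
```

Calling audit_path on /tmp inside a built image, with the UID the pod's securityContext will use, catches this kind of regression before deployment.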

thockin commented 11 months ago

Thanks! The build system did change some in rc4, so this is a real bug! Will fix.