Open kangzhiqin opened 2 weeks ago
This issue is currently awaiting triage.
If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.
The triage/accepted label can be added by org members by writing /triage accepted in a comment.
/sig cli
/sig security
> When kubectl edits resources, a kubectl-edit-xxx.yaml file is generated in the /tmp directory. Can this file be generated in other directories or can it be configured?

https://pkg.go.dev/os#CreateTemp which follows https://pkg.go.dev/os#TempDir
You can influence it by setting the TMPDIR environment variable.

> In actual applications, the /tmp directory has security risks.
> The /tmp directory has security risks. It is recommended that logs be stored in other directories or be configurable.

This isn't a log file, and anywhere we create a file there's roughly the same issues with access control and other processes.
What do you propose instead?
Thank you for your reply. Can you add a configuration parameter to specify the output directory and consider the file aging?
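An added example, not kubectl's code and not from any participant in this thread: it shows the TMPDIR behaviour of os.CreateTemp described in the reply above, using a private 0700 directory, plus one way to age out leftover files as the last comment asks. It assumes a Unix-like system; the function names, the `.kubectl-tmp` directory and the `kubectl-edit-*.yaml` pattern (modelled on the file name in the issue) are hypothetical.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// privateScratch points TMPDIR (process-wide) at a 0700 directory and lets
// os.CreateTemp("", ...) resolve it through os.TempDir. Pattern name is assumed.
func privateScratch(dir string) (string, os.FileMode, error) {
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return "", 0, err
	}
	if err := os.Chmod(dir, 0o700); err != nil { // tighten a pre-existing directory
		return "", 0, err
	}
	if err := os.Setenv("TMPDIR", dir); err != nil {
		return "", 0, err
	}
	f, err := os.CreateTemp("", "kubectl-edit-*.yaml") // created 0600 before umask
	if err != nil {
		return "", 0, err
	}
	defer f.Close()
	info, err := f.Stat()
	if err != nil {
		return "", 0, err
	}
	return f.Name(), info.Mode().Perm(), nil
}

// purgeStale deletes regular scratch files older than maxAge; returns the count.
func purgeStale(dir string, maxAge time.Duration) int {
	matches, _ := filepath.Glob(filepath.Join(dir, "kubectl-edit-*.yaml"))
	removed := 0
	for _, m := range matches {
		info, err := os.Lstat(m) // Lstat: never follow a planted symlink
		if err == nil && info.Mode().IsRegular() &&
			time.Since(info.ModTime()) >= maxAge && os.Remove(m) == nil {
			removed++
		}
	}
	return removed
}

func main() {
	fmt.Println(privateScratch(filepath.Join(os.Getenv("HOME"), ".kubectl-tmp"))) // demo; hypothetical dir name
}
```

The directory mode, not only the file mode, is what keeps other local users from listing or racing on the scratch file names.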
What would you like to be added?
When kubectl edits resources, a kubectl-edit-xxx.yaml file is generated in the /tmp directory. Can this file be generated in other directories or can it be configured? In actual applications, the /tmp directory has security risks.
The code is probably in this location: https://github.com/kubernetes/kubernetes/blob/8dc49c4b984b897d423aab4971090e1879eb4f23/staging/src/k8s.io/kubectl/pkg/cmd/util/editor/editoptions.go#L299-L309
Why is this needed?
The /tmp directory has security risks. It is recommended that logs be stored in other directories or be configurable.
k8s version is 1.28.1