
Fix variable file permission

Alessio Caiazza requested to merge 2570-variable-permissions into master

What does this MR do?

Prevent Kubernetes executor failure when the image does not run as root.

Why was this MR needed?

The user problem is described in #2570 (closed)

The problem is that stages running with the Predefined command run as root, and if a variable is dumped to the disk, like CI_SERVER_TLS_CA_FILE, it will be root-owned on the following stages.

Are there points in the code the reviewer needs to double check?

Personally I don't like this solution, but it's a fast and general fix to the problem. In case of CI_SERVER_TLS_KEY_FILE we will end up exposing a key file with global readability, which may not be a problem with Docker and Kubernetes, but it's very dangerous with the shell runner.

Does this MR meet the acceptance criteria?

  • Documentation created/updated
  • Tests
    • Added for this feature/bug
    • All builds are passing
  • Branch has no merge conflicts with master (if you do - rebase it please)

What are the relevant issue numbers?

Closes #2570 (closed)
