Akihiro Suda 0450f046e6 Fix directory permissions ...

- Create /var/lib/containerd with 0o700 (was: 0o711).
- Create config.TempDir with 0o700 (was: 0o711).
- Create /run/containerd/io.containerd.grpc.v1.cri with 0o700 (was: 0o755).
- Create /run/containerd/io.containerd.sandbox.controller.v1.shim with 0o700 (was: 0o711).
- Leave /run/containerd and /run/containerd/io.containerd.runtime.v2.task created with 0o711,
  as required by userns-remapped containers.
  /run/containerd/io.containerd.runtime.v2.task/<NS>/<ID> is created with:
  - 0o700 for non-userns-remapped containers
  - 0o710 for userns-remapped containers with the remapped root group as the owner group.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 51b0cf11dc5af7ed1919beba259e644138b28d96)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

2025-10-29 14:48:21 +09:00

..

config

Merge pull request #10731 from henry118/proxy

2024-10-07 09:02:34 -04:00

namespace.go

Ensure namespace is proxied to grpc/ttrpc plugins

2021-10-16 00:09:50 +00:00

server_linux.go

migrate logs imports to github.com/containerd/log module

2024-05-27 14:38:51 +02:00

server_solaris.go

Correct import path in services/server package

2019-04-11 23:07:46 -05:00

server_test.go

Make test path a constant

2022-06-13 23:28:17 +03:00

server_unsupported.go

chore: use go fix to cleanup old +build buildtag

2022-12-29 14:25:14 +08:00

server_windows.go

Remove redundant build tags

2021-08-05 22:27:46 -07:00

server.go

Fix directory permissions

2025-10-29 14:48:21 +09:00