[launcher] Update cs host directory permission (#571)

jkl73 · web-flow · commit 938b9de47b27 · 2025-05-21T11:10:43.000-07:00
Non root workload should be able to access the directory. 0744
doesn't include the execute permission for non root user.
Change it to 0755
diff --git a/launcher/container_runner.go b/launcher/container_runner.go
@@ -476,7 +476,7 @@ func (r *ContainerRunner) fetchAndWriteToken(ctx context.Context) error {
 // retry specifies the refresher goroutine's retry policy.
 func (r *ContainerRunner) fetchAndWriteTokenWithRetry(ctx context.Context,
 	retry func() *backoff.ExponentialBackOff) error {
-	if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {
+	if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {
 		return err
 	}
 	duration, err := r.refreshToken(ctx)
diff --git a/launcher/container_runner_test.go b/launcher/container_runner_test.go
@@ -160,7 +160,7 @@ func TestRefreshToken(t *testing.T) {
 		logger: logging.SimpleLogger(),
 	}
 
-	if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {
+	if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {
 		t.Fatalf("Error creating host token path directory: %v", err)
 	}
 
@@ -205,7 +205,7 @@ func TestRefreshTokenWithSignedContainerCacheEnabled(t *testing.T) {
 		logger:      logging.SimpleLogger(),
 	}
 
-	if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {
+	if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {
 		t.Fatalf("Error creating host token path directory: %v", err)
 	}
 
@@ -245,7 +245,7 @@ func TestRefreshTokenWithSignedContainerCacheEnabled(t *testing.T) {
 }
 
 func TestRefreshTokenError(t *testing.T) {
-	if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {
+	if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {
 		t.Fatalf("Error creating host token path directory: %v", err)
 	}
 
diff --git a/launcher/launcher/main.go b/launcher/launcher/main.go
@@ -92,7 +92,7 @@ func main() {
 		return
 	}
 
-	if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {
+	if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {
 		logger.Error(fmt.Sprintf("failed to create %s: %v", launcherfile.HostTmpPath, err))
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -476,7 +476,7 @@ func (r *ContainerRunner) fetchAndWriteToken(ctx context.Context) error {`
`476`	`476`	`// retry specifies the refresher goroutine's retry policy.`
`477`	`477`	`func (r *ContainerRunner) fetchAndWriteTokenWithRetry(ctx context.Context,`
`478`	`478`	`retry func() *backoff.ExponentialBackOff) error {`
`479`		`- if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {`
	`479`	`+ if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {`
`480`	`480`	`return err`
`481`	`481`	`}`
`482`	`482`	`duration, err := r.refreshToken(ctx)`
Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,7 @@ func TestRefreshToken(t *testing.T) {`
`160`	`160`	`logger: logging.SimpleLogger(),`
`161`	`161`	`}`
`162`	`162`
`163`		`- if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {`
	`163`	`+ if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {`
`164`	`164`	`t.Fatalf("Error creating host token path directory: %v", err)`
`165`	`165`	`}`
`166`	`166`
`@@ -205,7 +205,7 @@ func TestRefreshTokenWithSignedContainerCacheEnabled(t *testing.T) {`
`205`	`205`	`logger: logging.SimpleLogger(),`
`206`	`206`	`}`
`207`	`207`
`208`		`- if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {`
	`208`	`+ if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {`
`209`	`209`	`t.Fatalf("Error creating host token path directory: %v", err)`
`210`	`210`	`}`
`211`	`211`
`@@ -245,7 +245,7 @@ func TestRefreshTokenWithSignedContainerCacheEnabled(t *testing.T) {`
`245`	`245`	`}`
`246`	`246`
`247`	`247`	`func TestRefreshTokenError(t *testing.T) {`
`248`		`- if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {`
	`248`	`+ if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {`
`249`	`249`	`t.Fatalf("Error creating host token path directory: %v", err)`
`250`	`250`	`}`
`251`	`251`
Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ func main() {`
`92`	`92`	`return`
`93`	`93`	`}`
`94`	`94`
`95`		`- if err := os.MkdirAll(launcherfile.HostTmpPath, 0744); err != nil {`
	`95`	`+ if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil {`
`96`	`96`	`logger.Error(fmt.Sprintf("failed to create %s: %v", launcherfile.HostTmpPath, err))`
`97`	`97`	`}`
`98`	`98`