From 91e981fb09644444abedc6f90081c559408d9fb7 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Tue, 8 Oct 2024 16:52:20 +0200 Subject: [PATCH] fix(cmd): relax file perms for Falco driver config override Falco config files are not supposed to contain sensitive information, so read permissions are given to all users. With this fix, the permissions of the config file for the driver engine override will be aligned to other Falco configs files under `/etc/falco`. Signed-off-by: Leonardo Grasso --- cmd/driver/config/config.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/driver/config/config.go b/cmd/driver/config/config.go index 4a0e5e6d..55756835 100644 --- a/cmd/driver/config/config.go +++ b/cmd/driver/config/config.go @@ -1,5 +1,5 @@ // SPDX-License-Identifier: Apache-2.0 -// Copyright (C) 2023 The Falco Authors +// Copyright (C) 2024 The Falco Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -238,7 +238,7 @@ func overwriteDriverType(configDir string, driverType drivertype.DriverType) err _, err := os.Stat(configDir) if os.IsNotExist(err) { // Create it. - if err := os.MkdirAll(configDir, 0o750); err != nil { + if err := os.MkdirAll(configDir, 0o755); err != nil { // #nosec G301 //we want 755 permissions return fmt.Errorf("unable to create directory %s: %w", configDir, err) } } else if err != nil && !os.IsNotExist(err) { @@ -252,7 +252,7 @@ func overwriteDriverType(configDir string, driverType drivertype.DriverType) err } // Write the engine configuration to a specialized config file. - if err := os.WriteFile(filepath.Join(configDir, falcoDriverConfigFile), engineKind, 0o600); err != nil { + if err := os.WriteFile(filepath.Join(configDir, falcoDriverConfigFile), engineKind, 0o644); err != nil { // #nosec G306 //we want 755 permissions return fmt.Errorf("unable to persist engine kind to filesystem: %w", err) }