You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Permissions (700) on /var/log and /var/log/containers don't allow non-root Daemonset to tail logs
I believe relaxing permissions to rwx--x--x is better than running logging containers as root...
... unless there's a completely different and better way to do this?
I think the whole concept of running a DaemonSet which mounts something from the host is a bad design decision (in Kubernetes/CRI), but there is no better way today.
So the API becomes the host filesystem, and permissions on the log files and directories become the API of the operating system towards log collection daemons.
I think given all of that, the only option is to make permissions match some sane defaults.
Bug Report
Permissions (700) on /var/log and /var/log/containers don't allow non-root Daemonset to tail logs
I believe relaxing permissions to rwx--x--x is better than running logging containers as root...
... unless there's a completely different and better way to do this?
Description
See open-telemetry/opentelemetry-collector-contrib#33083 (comment)
Environment
The text was updated successfully, but these errors were encountered: