fix: make master cert file world-readable in containers (#1127)

The master certificate file must be readable even for a non-root task, of course. (cherry picked from commit 665c7ba)
determined-ai · Aug 19, 2020 · 34804f8 · 34804f8
1 parent c4335d6
commit 34804f8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/master/pkg/tasks/copy.go b/master/pkg/tasks/copy.go
@@ -83,7 +83,7 @@ func masterCertArchive(cert *tls.Certificate) container.RunArchive {
 
 	var arch archive.Archive
 	if len(certBytes) != 0 {
-		arch = append(arch, archive.RootItem(certPath, certBytes, 0600, tar.TypeReg))
+		arch = append(arch, archive.RootItem(certPath, certBytes, 0644, tar.TypeReg))
 	}
 	return wrapArchive(arch, "/")
 }