From 35c928798d642b48314a5a3b13c478587236c30e Mon Sep 17 00:00:00 2001
From: Bryan Hundven <bryanhundven@gmail.com>
Date: Thu, 9 Sep 2021 23:35:59 -0700
Subject: [PATCH] Fix missing file mode (risky-file-permissions) (#7959)

* Fix missing file mode (risky-file-permissions)

Found this using ansible-lint.

Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>

* Fix another missing file mode (risky-file-permissions)

This one fixes `/etc/crio/config.json`

Signed-off-by: Bryan Hundven <bryanhundven@gmail.com>
---
 roles/bootstrap-os/tasks/bootstrap-centos.yml | 1 +
 roles/container-engine/cri-o/tasks/main.yaml  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index c8a395af6..79d66eebf 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -74,6 +74,7 @@
     section: "extras"
     option: "{{ item.option }}"
     value: "{{ item.value }}"
+    mode: 0644
   with_items:
     - { option: "name", value: "CentOS-{{ ansible_distribution_major_version }} - Extras" }
     - { option: "enabled", value: "1" }
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index 55db2690f..25b338ed5 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -84,6 +84,7 @@
   template:
     src: config.json.j2
     dest: /etc/crio/config.json
+    mode: 0644
   register: reg_auth_install
 
 - name: Add skopeo pkg to install
-- 
GitLab