Skip to content

[Feature Request] - Change permission of soci-snapshotter binary (/usr/bin/soci) to 0755 #1108

Description

@sudoudaisuke

Description

Please change the file permissions of the soci-snapshotter binary (/usr/bin/soci) to allow execution by non-root users.Currently, the permissions are restricted as follows:

bash-5.2# ls -al /usr/bin/soci
-rwxr--r-- 1 root root 28681048 Jun 16 16:57 /usr/bin/soci

Reason

soci-snapshotter now features a --standalone mode. This mode allows users to build and manipulate OCI images without requiring a container runtime or elevated root privileges.

bash-5.2# soci convert --help
Options:
  --standalone run in standalone mode without containerd runtime. In this mode, the command reads an OCI image layout (tar or directory) and writes a converted OCI image layout without requiring a running containerd instance.

Because it can run securely without a containerd instance or root privileges, the executable permission for /usr/bin/soci should be updated to 0755 so that non-root users can utilize this standalone feature.

Since soci does not require SUID or elevated host privileges for this standalone operation, changing the file permission to 0755 is safe and unlocks the full potential of non-root image manipulation.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions