changelog: Add entry for sysext file ownership bugfix

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2026-01-19 23:41:39 +01:00 · 2024-08-30 09:52:50 +02:00 · 2024-08-30 09:52:50 +02:00 · fa050e999d
commit fa050e999d
parent cf025a2be9
1 changed files with 1 additions and 0 deletions
--- a/changelog/bugfixes/2024-08-30-fix-sysext-file-ownership.md
+++ b/changelog/bugfixes/2024-08-30-fix-sysext-file-ownership.md
@ -0,0 +1 @@
+- Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. ([scripts#2266](https://github.com/flatcar/scripts/pull/2266))
				`@ -0,0 +1 @@`
				`- Fix ownership of systemd units shipped with built-in docker/containerd sysexts. The files shipped on production images were accidentally owned by 1000:1000 instead of 0:0. This uid/gid is not present on Flatcar images but would be assigned to the first created user. Due to contents of sysexts and /usr being readonly on Flatcar, the invalid permissions can't be used to escalate privileges. ([scripts#2266](https://github.com/flatcar/scripts/pull/2266))`