Refactor kubetap-entrypoint.sh to remove redundant directory permission settings and improve config file handling

Lappihuan · Lappihuan · commit 922075919911 · 2025-11-30T23:58:52.000+01:00
diff --git a/proxies/mitmproxy/Dockerfile b/proxies/mitmproxy/Dockerfile
@@ -6,11 +6,10 @@ RUN apt-get update && \
     apt-get install -y --no-install-recommends tmux && \
     rm -rf /var/lib/apt/lists/*
 
-# HACK: the security context of the injected pod could be run as any user, therefore
-# all users must be able to write to the directory.
-# Ensure the directory exists and is world-writable
+# Ensure the directory exists and is world-writable BEFORE we switch users
 RUN mkdir -p /home/mitmproxy/.mitmproxy && \
-    chmod -R 777 /home/mitmproxy/.mitmproxy/
+    chmod 777 /home/mitmproxy && \
+    chmod 777 /home/mitmproxy/.mitmproxy
 
 # Hijack the mitmproxy entrypoint (docker-entrypoint.sh) so that
 # configuration can be built from within the container using the
diff --git a/proxies/mitmproxy/kubetap-entrypoint.sh b/proxies/mitmproxy/kubetap-entrypoint.sh
@@ -4,14 +4,9 @@ set -o errexit
 set -o pipefail
 set -o nounset
 
-# Ensure the .mitmproxy directory exists with proper permissions
-mkdir -p /home/mitmproxy/.mitmproxy
-chmod 777 /home/mitmproxy/.mitmproxy
-
 # Copy the config file if it exists and is readable
 if [ -f /home/mitmproxy/config/config.yaml ] && [ -r /home/mitmproxy/config/config.yaml ]; then
   cp /home/mitmproxy/config/config.yaml /home/mitmproxy/.mitmproxy/config.yaml
-  chmod 666 /home/mitmproxy/.mitmproxy/config.yaml
   echo "Config file copied to /home/mitmproxy/.mitmproxy/config.yaml" >&2
 else
   echo "Warning: Config file not found or not readable at /home/mitmproxy/config/config.yaml" >&2
