From 8197e3f9c1b89bc499f5ac070a706b0ff9ee89ab Mon Sep 17 00:00:00 2001
From: Paul Buetow <paul@buetow.org>
Date: Fri, 9 Jan 2026 16:03:02 +0200
Subject: Make .ssh directory world-readable for SELinux compatibility

SELinux prevents root from accessing 700 directories in some contexts.
Use 755 for directory and 644 for authorized_keys to allow access.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 f3s/git-server/helm-chart/templates/deployment.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'f3s/git-server')

diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml
index e48fc8e..7a7ed57 100644
--- a/f3s/git-server/helm-chart/templates/deployment.yaml
+++ b/f3s/git-server/helm-chart/templates/deployment.yaml
@@ -29,8 +29,8 @@ spec:
           # The /ssh-git mount point IS the .ssh directory
           cp /ssh-keys-secret/authorized_keys /ssh-git/authorized_keys
           chown -R 1000:1000 /ssh-git
-          chmod 700 /ssh-git
-          chmod 600 /ssh-git/authorized_keys
+          chmod 755 /ssh-git
+          chmod 644 /ssh-git/authorized_keys
         volumeMounts:
         - name: ssh-host-keys
           mountPath: /ssh-init
-- 
cgit v1.2.3