From 50c4d4ebd6cae28d6622b54d76e257f845ca9f1c Mon Sep 17 00:00:00 2001
From: Tim Gross <tgross@hashicorp.com>
Date: Fri, 14 Jan 2022 09:59:35 -0500
Subject: [PATCH] drivers: set world-readable permissions on copied resolv.conf

When we copy the system DNS to a task's `resolv.conf`, we should set
the permissions as world-readable so that unprivileged users within
the task can read it.
---
 drivers/shared/resolvconf/mount.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/drivers/shared/resolvconf/mount.go b/drivers/shared/resolvconf/mount.go
index 02393478efcd..63954166c835 100644
--- a/drivers/shared/resolvconf/mount.go
+++ b/drivers/shared/resolvconf/mount.go
@@ -69,15 +69,10 @@ func copySystemDNS(dest string) error {
 	}
 	defer in.Close()
 
-	out, err := os.Create(dest)
+	content, err := io.ReadAll(in)
 	if err != nil {
 		return err
 	}
-	defer func() {
-		out.Sync()
-		out.Close()
-	}()
 
-	_, err = io.Copy(out, in)
-	return err
+	return os.WriteFile(dest, content, 0644)
 }