From 292e3dc211310c44052c581a8b833cec8a021a71 Mon Sep 17 00:00:00 2001
From: Mikhail Klementev
Date: Thu, 23 Mar 2023 19:18:14 +0000
Subject: [PATCH] Set permissions on the internals of all container volumes
---
 kernel.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/kernel.go b/kernel.go
index 79be9b5..7a5d9cd 100644
--- a/kernel.go
+++ b/kernel.go
@@ -621,10 +621,18 @@ func genDockerKernels(dii dockerImageInfo, newkcfg *config.KernelConfig,
 }
 newkcfg.Kernels = append(newkcfg.Kernels, ki)
- cmd := "find /boot -type f -exec chmod 0644 {} \\;"
- _, err = c.Run("/tmp", cmd)
- if err != nil {
- return
+ for _, cmd := range []string{
+ "find /boot -type f -exec chmod 0644 {} \\;",
+ "find /boot -type d -exec chmod 0755 {} \\;",
+ "find /usr/src -type f -exec chmod 0644 {} \\;",
+ "find /usr/src -type d -exec chmod 0755 {} \\;",
+ "find /lib/modules -type f -exec chmod 0644 {} \\;",
+ "find /lib/modules -type d -exec chmod 0755 {} \\;",
+ } {
+ _, err = c.Run("/tmp", cmd)
+ if err != nil {
+ return
+ }
 }
 }
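Review bot: The three `-type f -exec chmod 0644` commands in the new list clear the execute bit on every regular file under `/boot`, `/usr/src` and `/lib/modules`. Kernel header trees under `/usr/src` usually ship build helper scripts and binaries that must stay executable, so this may break later module builds from those volumes. A symbolic mode keeps existing execute bits while still making everything readable and directories traversable, and replaces all six entries with one: `"chmod -R u=rwX,go=rX /boot /usr/src /lib/modules"`. If the `find` form is kept, ending `-exec` with `+` instead of `\\;` avoids spawning one `chmod` per file. The bare `return` inside the loop gives no hint which command failed, so wrapping `err` with `cmd` before returning would help; the body of `genDockerKernels` starts and ends outside this hunk, so the named results are assumed.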