Information
Verify that the TLS CA certificate file (the file that is passed alongwith --tlscacert parameter) is owned and group-owned by root.
Rationale:
The TLS CA certificate file should be protected from any tampering. It is used to authenticate Docker server based on given CA certificate. Hence, it must be owned and group-owned by root to maintain the integrity of the CA certificate.
Solution
chown root:root <path to TLS CA certificate file>
This would set the ownership and group-ownership for the TLS CA certificate file to root.
Impact:
None.
Default Value:
By default, the ownership and group-ownership for TLS CA certificate file is correctly set to root.