Information
You should verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) have permissions of 444 or are set more restrictively.
Note that, by default, this directory might not exist if no registry certificate files are in place.
Rationale:
The /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must have permissions of 444or more restrictive permissions in order to ensure that unprivileged users do not have full access to them..
Impact:
None.
Solution
You should execute the following command:
find /etc/docker/certs.d/ -type f -exec chmod 0444 {} ;
This would set the permissions for the registry certificate files to 444.
Default Value:
By default, the permissions for registry certificate files might not be 444. The default file permissions are governed by the system or user specific umask values which are defined within the operating system itself.