Information
You should verify that the Containerd socket file is owned by root and group owned by root.
Rationale:
Containerd is an underlying component used by Docker to create and manage containers. It provides a socket file similar to the Docker socket, which must be protected from unauthorized access. If any other user or process owns this socket, it might be possible for that non-privileged user or process to interact with the Containerd daemon. Additionally, in this case a non-privileged user or process might be able to interact with containers which is neither a secure nor desired behavior.
Unlike the Docker socket, there is usually no requirement for non-privileged users to connect to the socket, so the ownership should be root:root.
Impact:
None.
Solution
You should execute the following command:
chown root:root /run/containerd/containerd.sock
This sets the ownership to root and group ownership to root for the default Containerd socket file.
Default Value:
By default, the ownership and group ownership for the Containerd socket file is correctly set to root:root.