"fchown: Operation not permitted" error while using crontab in containers running as non-root #203

Open
@kvlnkarthik

Description

We have cronie 1.5.7 rpm installed in a Pod running as non-root with no elevated privileges.

SecurityContext of the pod is as follows:

```yaml
securityContext:
  allowPrivilegeEscalation: false
  appArmorProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL
  runAsGroup: 1234
  runAsNonRoot: true
  runAsUser: 1234
  seccompProfile:
    type: RuntimeDefault
```

When a user tries to run "crontab -e" in the pod, the following error is thrown:

```text
crontabber: installing new crontab
fchown: Operation not permitted
crontabber: edits left in /tmp/crontab.XwA4Wu
```

Looking at the codebase, we figured out that the line below is causing the file_owner to be ROOT_UID in our pod:
https://github.com/cronie-crond/cronie/blob/cronie-1.5.7/src/crontab.c#L878

```c
file_owner = (getgid() == geteuid() && getgid() == getegid()) ? ROOT_UID : pw->pw_uid;
```

As the pod is running as non-root and the fchown operation is executed to set the tmp file as ROOT, the error is thrown.

We would like to understand the need for changing the file_owner to ROOT_UID in the /tmp location, as this does not work in Pods running as non-root.

Could you please let me know if this is a bug? Is there any option to get this working in Pods without elevated privileges?
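An added diagnostic (not code from the issue or from cronie) that applies the quoted crontab.c condition to a process identity: with runAsUser and runAsGroup both 1234, getgid() equals both geteuid() and getegid(), so file_owner becomes ROOT_UID, and the following fchown to uid 0 needs CAP_CHOWN, which `drop: ALL` removes. It assumes pw->pw_uid is the invoking user's real uid; the function names are my own.

```python
"""Predict and reproduce cronie's crontab file_owner / fchown behaviour in an unprivileged pod."""
import errno
import os
import tempfile

ROOT_UID = 0


def cronie_file_owner(gid, euid, egid, pw_uid):
    """Mirror of the crontab.c line quoted in the issue:
    file_owner = (getgid() == geteuid() && getgid() == getegid()) ? ROOT_UID : pw->pw_uid;
    pw_uid is the invoking user's uid (assumed here to be getuid())."""
    return ROOT_UID if (gid == euid and gid == egid) else pw_uid


def fchown_needs_cap_chown(file_owner, euid):
    """Without CAP_CHOWN a process may only leave a file owned by its own uid;
    fchown() to any other owner, root included, is refused with EPERM."""
    return file_owner != euid


def diagnose(uid=None, gid=None, euid=None, egid=None):
    """Predict crontab's decision for an identity (defaults: the current process).
    'fchown_would_need_cap_chown' True means 'crontab -e' fails as the issue describes
    once the capability has been dropped."""
    uid = os.getuid() if uid is None else uid
    gid = os.getgid() if gid is None else gid
    euid = os.geteuid() if euid is None else euid
    egid = os.getegid() if egid is None else egid
    owner = cronie_file_owner(gid, euid, egid, uid)
    return {
        "uid": uid, "gid": gid, "euid": euid, "egid": egid,
        "file_owner": owner,
        "fchown_would_need_cap_chown": fchown_needs_cap_chown(owner, euid),
    }


def try_fchown(owner):
    """Attempt the same fchown on a scratch file; returns 'ok' or the errno name (e.g. 'EPERM')."""
    with tempfile.TemporaryFile() as tmp:
        try:
            os.fchown(tmp.fileno(), owner, -1)  # -1 leaves the group unchanged, as crontab does
            return "ok"
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))


if __name__ == "__main__":
    report = diagnose()
    for key, value in report.items():
        print(f"{key}: {value}")
    print(f"fchown(tmpfile, {report['file_owner']}, -1): {try_fchown(report['file_owner'])}")
```

Run it inside the pod with the securityContext above to confirm the prediction; with uid and gid both 1234 the last line reports EPERM, while an identity whose gid differs from its uid keeps file_owner at its own uid and succeeds.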
