Add xtrabackup created files to exemptions

Signed-off-by: Matt Lord <[email protected]>

go/test/endtoend/cluster/vttablet_process.go

@@ -723,18 +723,22 @@ func (vttablet *VttabletProcess) ConfirmDataDirHasNoGlobalPerms(t *testing.T) {
 		return
 	}
 
-	// These are intentionally created with the world/other read bit set by mysqld itself
-	// during the --initialize[-insecure] step.
-	// See: https://dev.mysql.com/doc/mysql-security-excerpt/en/creating-ssl-rsa-files-using-mysql.html
-	// "On Unix and Unix-like systems, the file access mode is 644 for certificate files
-	// (that is, world readable) and 600 for key files (that is, accessible only by the
-	// account that runs the server)."
 	var allowedFiles = []string{
+		// These are intentionally created with the world/other read bit set by mysqld itself
+		// during the --initialize[-insecure] step.
+		// See: https://dev.mysql.com/doc/mysql-security-excerpt/en/creating-ssl-rsa-files-using-mysql.html
+		// "On Unix and Unix-like systems, the file access mode is 644 for certificate files
+		// (that is, world readable) and 600 for key files (that is, accessible only by the
+		// account that runs the server)."
 		path.Join("data", "ca.pem"),
 		path.Join("data", "client-cert.pem"),
 		path.Join("data", "public_key.pem"),
 		path.Join("data", "server-cert.pem"),
-		"mysql.sock", // Must have global perms for anyone to use it
+		// The domain socket must have global perms for anyone to use it.
+		"mysql.sock",
+		// These files are created by xtrabackup.
+		path.Join("tmp", "xtrabackup_checkpoints"),
+		path.Join("tmp", "xtrabackup_info"),
 	}
 
 	var matches []string