main/lxc: set umask for rootfs

1 files changed, 41 insertions, 0 deletions

diff --git a/main/lxc/0001-do_lxcapi_create-set-umask.patch b/main/lxc/0001-do_lxcapi_create-set-umask.patch
new file mode 100644
index 0000000000..050f3d844b
--- /dev/null
+++ b/main/lxc/0001-do_lxcapi_create-set-umask.patch
@@ -0,0 +1,41 @@
+From 4fc4df8ce71154eb45b7aa18b08b735d99e93eb8 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
+Date: Sun, 15 Apr 2018 14:50:28 +0300
+Subject: [PATCH] do_lxcapi_create: set umask
+
+---
+ src/lxc/lxccontainer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
+index 5e8ad00f..0fe766e8 100644
+--- a/src/lxc/lxccontainer.c
++++ b/src/lxc/lxccontainer.c
+@@ -1605,6 +1605,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ 		char *const argv[])
+ {
+ 	bool ret = false;
++	mode_t mask;
+ 	pid_t pid;
+ 	char *tpath = NULL;
+ 	int partial_fd;
+@@ -1673,6 +1674,8 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ 
+ 	/* no need to get disk lock bc we have the partial locked */
+ 
++	mask = umask(0022);
++
+ 	/*
+ 	 * Create the backing store
+ 	 * Note we can't do this in the same task as we use to execute the
+@@ -1732,6 +1735,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ 	ret = load_config_locked(c, c->configfile);
+ 
+ out_unlock:
++	umask(mask);
+ 	if (partial_fd >= 0)
+ 		remove_partial(c, partial_fd);
+ out:
+-- 
+2.17.0
+