From 481afcc49ce1c59c1f1cf8e8fd47a8bb254d7cc4 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen
Date: Wed, 18 Apr 2018 15:13:51 +0300
Subject: main/lxc: set umask for rootfs
---
main/lxc/0001-do_lxcapi_create-set-umask.patch | 41 ++++++++++++++++++++++++++
main/lxc/APKBUILD | 7 +++--
2 files changed, 46 insertions(+), 2 deletions(-)
create mode 100644 main/lxc/0001-do_lxcapi_create-set-umask.patch
(limited to 'main/lxc')
diff --git a/main/lxc/0001-do_lxcapi_create-set-umask.patch b/main/lxc/0001-do_lxcapi_create-set-umask.patch
new file mode 100644
index 0000000000..050f3d844b
--- /dev/null
+++ b/main/lxc/0001-do_lxcapi_create-set-umask.patch
@@ -0,0 +1,41 @@
+From 4fc4df8ce71154eb45b7aa18b08b735d99e93eb8 Mon Sep 17 00:00:00 2001
+From: Kaarle Ritvanen
+Date: Sun, 15 Apr 2018 14:50:28 +0300
+Subject: [PATCH] do_lxcapi_create: set umask
+
+---
+ src/lxc/lxccontainer.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
+index 5e8ad00f..0fe766e8 100644
+--- a/src/lxc/lxccontainer.c
++++ b/src/lxc/lxccontainer.c
+@@ -1605,6 +1605,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ char *const argv[])
+ {
+ bool ret = false;
++ mode_t mask;
+ pid_t pid;
+ char *tpath = NULL;
+ int partial_fd;
+@@ -1673,6 +1674,8 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+
+ /* no need to get disk lock bc we have the partial locked */
+
++ mask = umask(0022);
++
+ /*
+ * Create the backing store
+ * Note we can't do this in the same task as we use to execute the
+@@ -1732,6 +1735,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
+ ret = load_config_locked(c, c->configfile);
+
+ out_unlock:
++ umask(mask);
+ if (partial_fd >= 0)
+ remove_partial(c, partial_fd);
+ out:
+--
+2.17.0
+
diff --git a/main/lxc/APKBUILD b/main/lxc/APKBUILD
index 185051c0be..86d198c23a 100644
--- a/main/lxc/APKBUILD
+++ b/main/lxc/APKBUILD
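Review bot: In the embedded lxccontainer.c patch, `umask()` changes process-wide state, and `do_lxcapi_create` looks like a library entry point. Between `mask = umask(0022);` and the `umask(mask);` at `out_unlock:`, any other thread in the calling process creates files under 0022 rather than the caller's own mask, which can widen permissions on unrelated files when the caller runs with something stricter such as 0077. The comment in the second inner hunk says the backing store is created in a different task from the template run; if both are forked children (not visible here), setting the mask inside them would leave the parent untouched. If the current placement stays, a comment above the call such as `/* keep a restrictive caller umask off the rootfs; umask is process-wide, restored at out_unlock */` would record the intent and the side effect. `mask` is declared without an initialiser, so confirm that no `goto out_unlock` can run before the assignment; the function body between the hunks is outside this view.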
@@ -5,7 +5,7 @@ pkgname=lxc pkgver=2.1.1 _pkgver=${pkgver/_rc/.rc} -pkgrel=6 +pkgrel=7 pkgdesc="Userspace interface for the Linux kernel containment features" url="https://linuxcontainers.org/lxc/" arch="all" @@ -13,12 +13,14 @@ license="GPL" depends="gzip" depends_dev="libcap-dev" makedepends="$depends_dev lvm2 util-linux automake autoconf libtool lua5.3-dev - linux-headers bash tar docbook2x libseccomp-dev python3-dev dnsmasq" + linux-headers bash tar docbook2x libseccomp-dev python3-dev dnsmasq + py3-setuptools" options="suid" subpackages="$pkgname-dev $pkgname-doc $pkgname-lvm::noarch lua5.3-lxc:_lua53 $pkgname-download:_download:noarch $pkgname-templates::noarch $pkgname-libs py3-$pkgname:_py3 $pkgname-bridge::noarch $pkgname-bash-completion:bashcomp:noarch" source="https://github.com/lxc/lxc/archive/lxc-$_pkgver.tar.gz + 0001-do_lxcapi_create-set-umask.patch version.patch lxc.initd lxc.confd @@ -158,6 +160,7 @@ bashcomp() { } sha512sums="205d30a8914013f3d31bdcae9786a13b6728ae0d3630f51c644f06e1e96d03631630569a0ce55764ff7b8ee1d1d4d723926fdb2b916396aea212d9c3040b45ab lxc-2.1.1.tar.gz +029473d929e74c53f27982e713eae151e4b6c61635c4b38c16510b2fa996ea6ed96f29df131e9c58ab155631fc71eeb9cd5b46bcc051a99256c1dce4b0d4d7a5 0001-do_lxcapi_create-set-umask.patch e2ffcbf55447291a8434a4f37255c3a6a119bc4116c75d205006aa2b070bf6be28535cf6107bead14bbf64bf9fa415346ab544bd1c15e1add7d1c6380e6b2def version.patch b74ffe7c3e8f193265a90ffeb6e5743b1212bc1416b898e5a7e59ddd7f06fc77dc34e2dcbb3614038ac6222a95e2b9beb9f03ab734c991837203ab626b1b091f lxc.initd 91de43db5369a9e10102933514d674e9c875218a1ff2910dd882e5b9c308f9e430deacb13d1d7e0b2ed1ef682d0bb035aa6f8a6738f54fa2ca3a05acce04e467 lxc.confd -- cgit v1.2.3
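Review bot: The second APKBUILD hunk adds `py3-setuptools` to `makedepends`, which the commit subject ("set umask for rootfs") does not cover. A build-dependency change is easier to audit when the message mentions it or it lands as its own commit. The new `source` entry and the added `sha512sums` line agree on the filename `0001-do_lxcapi_create-set-umask.patch`. A short comment next to that entry saying whether the patch has been sent upstream would tell whoever next bumps `pkgver` if it can be dropped.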