author | Matthew Heon <matthew.heon@pm.me> | 2020-06-26 10:07:20 -0400 |
---|---|---|
committer | Matthew Heon <matthew.heon@pm.me> | 2020-07-06 14:21:17 -0400 |
commit | 0b7885b90a959f0552a481bcf7b27aa58d753d53 (patch) | |
tree | 4f6316e721f63d81241a7fef868cffd4ba3d391f | |
parent | 8643526953a32b854f4f7d69e570c9478b9f247c (diff) | |
Ensure umask is set appropriately for 'system service'

We need a umask of 0022 to ensure containers are created
correctly, but we set a different one prior to starting the
server (to ensure the unix socket has the right permissions).
Thus, we need to set the umask after the socket has been bound,
but before the server begins accepting requests.

Fixes #6787
Signed-off-by: Matthew Heon <matthew.heon@pm.me>

-rw-r--r-- | pkg/api/server/server.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go index d68f6893a..8af6d3186 100644 --- a/pkg/api/server/server.go +++ b/pkg/api/server/server.go @@ -173,6 +173,10 @@ func (s *APIServer) Serve() error { }() } + // Before we start serving, ensure umask is properly set for container + // creation. + _ = syscall.Umask(0022) + go func() { err := s.Server.Serve(s.Listener) if err != nil && err != http.ErrServerClosed { |
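
Review bot: The comment above the added `_ = syscall.Umask(0022)` in `Serve()` says what the mask is for but not why the call sits at this exact point. The commit message gives the reason: a different umask is set earlier so the unix socket gets the right permissions, and the reset has to come after the socket is bound and before requests are accepted. That ordering constraint should be in the code comment itself, otherwise a later cleanup could move the call to startup and change the socket's permissions again. Two smaller points: umask is process-wide, so any goroutine already started earlier in `Serve()` (the context lines show a `}()` closing just above) sees whichever mask is current when it touches the filesystem, and the `_ =` discards the previous mask, which would be worth logging at debug level to confirm the earlier value was the one expected.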