Add --umask flag for create, run

--umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
author: Ashley Cui <acui@redhat.com> 2020-07-16 21:49:47 -0400
committer: Ashley Cui <acui@redhat.com> 2020-07-21 14:22:30 -0400
commit: d4d3fbc155419f4017064a65e718ad78d50115cc (patch)
tree: 4f73ccfa606a6f8a0d4de07749ce2323687b870d /libpod/container_internal_linux.go
parent: df6920aa79073b2767d24c6524367384b6284b31 (diff)
download: podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.gz
podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.bz2
podman-d4d3fbc155419f4017064a65e718ad78d50115cc.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1c21f2ff9..edea62a0d 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -355,6 +355,14 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		g.SetProcessGID(uint32(execUser.Gid))
 	}
 
+	if c.config.Umask != "" {
+		decVal, err := strconv.ParseUint(c.config.Umask, 8, 32)
+		if err != nil {
+			return nil, errors.Wrapf(err, "Invalid Umask Value")
+		}
+		g.SetProcessUmask(uint32(decVal))
+	}
+
 	// Add addition groups if c.config.GroupAdd is not empty
 	if len(c.config.Groups) > 0 {
 		gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides)
author	Ashley Cui <acui@redhat.com>	2020-07-16 21:49:47 -0400
committer	Ashley Cui <acui@redhat.com>	2020-07-21 14:22:30 -0400
commit	d4d3fbc155419f4017064a65e718ad78d50115cc (patch)
tree	4f73ccfa606a6f8a0d4de07749ce2323687b870d /libpod/container_internal_linux.go
parent	df6920aa79073b2767d24c6524367384b6284b31 (diff)
download	podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.gz podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.bz2 podman-d4d3fbc155419f4017064a65e718ad78d50115cc.zip