summaryrefslogtreecommitdiff
path: root/pkg/specgen
diff options
context:
space:
mode:
authorAshley Cui <acui@redhat.com>2020-07-16 21:49:47 -0400
committerAshley Cui <acui@redhat.com>2020-07-21 14:22:30 -0400
commitd4d3fbc155419f4017064a65e718ad78d50115cc (patch)
tree4f73ccfa606a6f8a0d4de07749ce2323687b870d /pkg/specgen
parentdf6920aa79073b2767d24c6524367384b6284b31 (diff)
downloadpodman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.gz
podman-d4d3fbc155419f4017064a65e718ad78d50115cc.tar.bz2
podman-d4d3fbc155419f4017064a65e718ad78d50115cc.zip
Add --umask flag for create, run
--umask sets the umask inside the container Defaults to 0022 Co-authored-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/generate/container_create.go3
-rw-r--r--pkg/specgen/specgen.go2
2 files changed, 5 insertions, 0 deletions
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 6dbc45c16..934d5fbac 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -145,6 +145,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
if s.Timezone != "" {
options = append(options, libpod.WithTimezone(s.Timezone))
}
+ if s.Umask != "" {
+ options = append(options, libpod.WithUmask(s.Umask))
+ }
useSystemd := false
switch s.Systemd {
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index c6079be33..84a6c36a0 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -287,6 +287,8 @@ type ContainerSecurityConfig struct {
// ReadOnlyFilesystem indicates that everything will be mounted
// as read-only
ReadOnlyFilesystem bool `json:"read_only_filesystem,omittempty"`
+ // Umask is the umask the init process of the container will be run with.
+ Umask string `json:"umask,omitempty"`
}
// ContainerCgroupConfig contains configuration information about a container's