From d4d3fbc155419f4017064a65e718ad78d50115cc Mon Sep 17 00:00:00 2001
From: Ashley Cui <acui@redhat.com>
Date: Thu, 16 Jul 2020 21:49:47 -0400
Subject: Add --umask flag for create, run

--umask sets the umask inside the container
Defaults to 0022

Co-authored-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Ashley Cui <acui@redhat.com>
---
 libpod/container_internal_linux.go | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'libpod/container_internal_linux.go')

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 1c21f2ff9..edea62a0d 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -355,6 +355,14 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		g.SetProcessGID(uint32(execUser.Gid))
 	}
 
+	if c.config.Umask != "" {
+		decVal, err := strconv.ParseUint(c.config.Umask, 8, 32)
+		if err != nil {
+			return nil, errors.Wrapf(err, "Invalid Umask Value")
+		}
+		g.SetProcessUmask(uint32(decVal))
+	}
+
 	// Add addition groups if c.config.GroupAdd is not empty
 	if len(c.config.Groups) > 0 {
 		gids, err := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, overrides)
-- 
cgit v1.2.3-54-g00ecf