From d4d3fbc155419f4017064a65e718ad78d50115cc Mon Sep 17 00:00:00 2001
From: Ashley Cui
Date: Thu, 16 Jul 2020 21:49:47 -0400
Subject: Add --umask flag for create, run --umask sets the umask inside the container Defaults to 0022
Co-authored-by: Daniel J Walsh
Signed-off-by: Ashley Cui
---
 pkg/specgen/generate/container_create.go | 3 +++
 pkg/specgen/specgen.go | 2 ++
 2 files changed, 5 insertions(+) (limited to 'pkg')
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 6dbc45c16..934d5fbac 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -145,6 +145,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
 if s.Timezone != "" {
 options = append(options, libpod.WithTimezone(s.Timezone))
 }
+ if s.Umask != "" {
+ options = append(options, libpod.WithUmask(s.Umask))
+ }
 useSystemd := false
 switch s.Systemd {
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index c6079be33..84a6c36a0 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -287,6 +287,8 @@ type ContainerSecurityConfig struct {
 // ReadOnlyFilesystem indicates that everything will be mounted
 // as read-only
 ReadOnlyFilesystem bool `json:"read_only_filesystem,omittempty"`
+ // Umask is the umask the init process of the container will be run with.
+ Umask string `json:"umask,omitempty"`
 }
 // ContainerCgroupConfig contains configuration information about a container's
--
cgit v1.2.3-54-g00ecf
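Review bot: The added branch in createContainerOptions forwards `s.Umask` to `libpod.WithUmask` after only an emptiness check, so any non-empty string decoded from the spec's `umask` JSON field is passed through unchanged. `WithUmask` is not shown in this diff; if it does not already reject values that are not a short octal string, the spec's validation step should, so a malformed value fails at create time with a clear error instead of surfacing when the container starts. A permissive value such as `0000` is valid but makes files created by the container's processes world-writable by default, so it may be worth logging a non-default umask at debug level. A short comment on the branch, for example `// Empty Umask keeps the runtime default; a set value is handed to libpod unchanged.`, would record the intent. The function begins and ends outside this hunk.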
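Review bot: The new `Umask` field comment in ContainerSecurityConfig does not say what format the string takes or what an empty value means, which matters because the field is part of the JSON spec that API clients fill in. Going by the commit message ("Defaults to 0022") and the emptiness check in container_create.go, something like `// Umask is the umask the init process of the container will be run with, given as an octal string such as "0022". An empty string leaves the default umask in place.` would cover it; the octal-string form is inferred and should be confirmed against `libpod.WithUmask`. Separately, the unchanged `ReadOnlyFilesystem` line just above carries the tag option `omittempty`, which encoding/json does not recognise, so that field is never omitted when false; it predates this commit but is worth a follow-up.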