diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-07-24 21:08:38 +0200 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-07-24 21:08:38 +0200 |
| commit | 9b4cfb0621efecfe596d9b25da486ccbcfead4d9 (patch) | |
| tree | 2932bd9fc78f57c6d943b427425e26dfa0e8cfde | |
| parent | 93f62fdef01ffe75cfea30185ab581b59e081447 (diff) | |
| download | rebel-9b4cfb0621efecfe596d9b25da486ccbcfead4d9.tar rebel-9b4cfb0621efecfe596d9b25da486ccbcfead4d9.zip | |
runc: set umask to 022
| -rw-r--r-- | src/runner/runc.rs | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/runner/runc.rs b/src/runner/runc.rs index b423eee..eb894b3 100644 --- a/src/runner/runc.rs +++ b/src/runner/runc.rs @@ -5,7 +5,10 @@ mod spec; use std::{io, process}; use ipc_channel::ipc; -use nix::{sys::signal, unistd}; +use nix::{ + sys::{signal, stat}, + unistd, +}; use serde::{Deserialize, Serialize}; use crate::{runner, types::*, unshare, util::ipc::CheckDisconnect}; @@ -35,6 +38,8 @@ fn runner( unistd::setgid(unistd::Gid::from_raw(0)).expect("setgid()"); unistd::setgroups(&[]).expect("setgroups()"); + stat::umask(stat::Mode::from_bits_truncate(0o022)); + init::runc_init().unwrap(); unsafe { signal::signal(signal::Signal::SIGCHLD, signal::SigHandler::SigIgn) }.unwrap(); |