-rw-r--r-- | src/runner/runc.rs | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/runner/runc.rs b/src/runner/runc.rs
index b423eee..eb894b3 100644
--- a/src/runner/runc.rs
+++ b/src/runner/runc.rs
@@ -5,7 +5,10 @@ mod spec;
 use std::{io, process};
 use ipc_channel::ipc;
-use nix::{sys::signal, unistd};
+use nix::{
+ sys::{signal, stat},
+ unistd,
+};
 use serde::{Deserialize, Serialize};
 use crate::{runner, types::*, unshare, util::ipc::CheckDisconnect};
@@ -35,6 +38,8 @@ fn runner(
 unistd::setgid(unistd::Gid::from_raw(0)).expect("setgid()");
 unistd::setgroups(&[]).expect("setgroups()");
+ stat::umask(stat::Mode::from_bits_truncate(0o022));
+ init::runc_init().unwrap();
 unsafe { signal::signal(signal::Signal::SIGCHLD, signal::SigHandler::SigIgn) }.unwrap(); |
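Review bot: The `stat::umask(...)` call added in `runner` has no comment saying why the inherited mask is overridden or why 0o022 was chosen, and the octal literal passed through `from_bits_truncate` hides which permission bits are cleared. The process has just switched to gid 0 with no supplementary groups, so the mask set here governs every file created from `init::runc_init()` onward and is presumably inherited by whatever the runner later spawns; a line such as `// Do not trust the caller's umask: clear group/other write on everything created from here on (children inherit this).` would record that. Spelling the mask as `stat::umask(stat::Mode::S_IWGRP | stat::Mode::S_IWOTH);` avoids `from_bits_truncate`, which silently drops bits it does not recognise if the constant is ever edited. Note that 0o022 still leaves new files group- and world-readable, so any secret material written later needs an explicit mode at creation; whether such files exist is not visible here, since the body of `runner` starts and ends outside the hunk.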