From: Daniel Golle
Date: Sun, 19 Jul 2020 00:32:55 +0000 (+0100)
Subject: jail: read and apply umask from OCI if defined
X-Git-Url: http://git.openwrt.org/?p=project%2Fprocd.git;a=commitdiff_plain;h=0e1920cb006d1478c6546e99210a750645eeffc4

jail: read and apply umask from OCI if defined

Signed-off-by: Daniel Golle
---

diff --git a/jail/jail.c b/jail/jail.c
index 287307f..522d139 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -94,6 +94,8 @@ static struct {
 int gr_gid;
 gid_t *additional_gids;
 size_t num_additional_gids;
+ mode_t umask;
+ bool set_umask;
 int require_jail;
 struct {
 struct hook_execvpe **createRuntime;
@@ -875,6 +877,9 @@ static int exec_jail(void *pipes_ptr)
 exit(EXIT_FAILURE);
 }
 
+ if (opts.set_umask)
+ umask(opts.umask);
+
 if (applyOCIcapabilities(opts.capset))
 exit(EXIT_FAILURE);
 
@@ -1267,7 +1272,10 @@ static int parseOCIprocessuser(struct blob_attr *msg) {
 DEBUG("read %lu additional groups\n", gidcnt);
 }
 
- /* ToDo: umask */
+ if (tb[OCI_PROCESS_USER_UMASK]) {
+ opts.umask = blobmsg_get_u32(tb[OCI_PROCESS_USER_UMASK]);
+ opts.set_umask = true;
+ }
 
 return 0;
 }
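Review bot: The new `if (opts.set_umask)` branch in exec_jail has no comment explaining what happens when the flag is false, and in that case the jailed process keeps whatever umask the jail launcher itself was started with. That default decides the permissions of every file the container creates, so I would record it at the call site, for example `/* no umask in the OCI config: keep the one inherited from our caller */`. exec_jail starts and ends outside this hunk, so I cannot tell whether an earlier step already resets the mask.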
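Review bot: The value from `blobmsg_get_u32(tb[OCI_PROCESS_USER_UMASK])` in parseOCIprocessuser is stored in `opts.umask` without a range check, so a config carrying bits outside the permission mask is accepted. On Linux `umask()` uses only the low nine bits, which means a malformed value is silently truncated instead of being reported. I would reject it at parse time with `if (blobmsg_get_u32(tb[OCI_PROCESS_USER_UMASK]) & ~0777u)` followed by the function's usual error return, which is not visible in this hunk. The JSON field is a plain integer with no octal notation, so it is also easy to write 22 when 022 (decimal 18) was intended; a `DEBUG("umask %04o\n", opts.umask);` next to the assignment would make the effective mask visible. The function begins above the hunk.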