From 8310534f1fd2de833147fd47340544fc2e97d09e Mon Sep 17 00:00:00 2001
From: Furisto <24721048+Furisto@users.noreply.github.com>
Date: Mon, 24 Jan 2022 22:29:23 +0100
Subject: [PATCH] Support umask

Signed-off-by: Furisto <24721048+Furisto@users.noreply.github.com>
---
 .../libcontainer/src/process/container_init_process.rs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/crates/libcontainer/src/process/container_init_process.rs b/crates/libcontainer/src/process/container_init_process.rs
index 6c4997577d..d1187903b6 100644
--- a/crates/libcontainer/src/process/container_init_process.rs
+++ b/crates/libcontainer/src/process/container_init_process.rs
@@ -9,6 +9,7 @@ use crate::{
 use anyhow::{bail, Context, Result};
 use nix::mount::MsFlags;
 use nix::sched::CloneFlags;
+use nix::sys::stat::Mode;
 use nix::{
 fcntl,
 unistd::{self, Gid, Uid},
@@ -294,6 +295,14 @@ pub fn container_init_process(
 )?
 }

+ if let Some(umask) = proc.user().umask() {
+ if let Some(mode) = Mode::from_bits(umask) {
+ nix::sys::stat::umask(mode);
+ } else {
+ bail!("invalid umask {}", umask);
+ }
+ }
+
 if let Some(paths) = linux.readonly_paths() {
 // mount readonly path
 for path in paths {
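Review bot: The outer `if let Some(umask) = proc.user().umask()` in the second hunk has no `else`, so when the spec omits a umask the container process keeps whatever file-creation mask the runtime inherited from its caller; if that mask is permissive, files the workload creates can end up group- or world-writable. Consider an explicit fallback such as `} else { nix::sys::stat::umask(Mode::from_bits_truncate(0o022)); }`, unless a default is already applied elsewhere in `container_init_process`, whose body starts and ends outside this hunk. `Mode::from_bits` also accepts the setuid, setgid and sticky bits, so the validation is looser than the 0o777 range a umask actually uses. Separately, `bail!("invalid umask {}", umask)` prints the value in decimal; `{:o}` would match how umasks are normally written and make the error easier to compare against the spec.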