[lxc-devel] [lxc/master] do_lxcapi_create: set umask
kunkku on Github
lxc-bot at linuxcontainers.org
Sun Apr 15 13:08:57 UTC 2018
From 32679a2f2da72cc1d598de63c46d63e1bbe67f99 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date: Sun, 15 Apr 2018 14:50:28 +0300
Subject: [PATCH] do_lxcapi_create: set umask
Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.
---
src/lxc/lxccontainer.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 6d41b6cf1..c95fc83a8 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1698,6 +1698,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
int flags, char *const argv[])
{
int partial_fd;
+ mode_t mask;
pid_t pid;
bool ret = false;
char *tpath = NULL;
@@ -1770,6 +1771,8 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
/* No need to get disk lock bc we have the partial lock. */
+ mask = umask(0022);
+
/* Create the storage.
* Note we can't do this in the same task as we use to execute the
* template because of the way zfs works.
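Review bot: umask() changes state for the whole calling process, so `mask = umask(0022);` in the body of do_lxcapi_create also changes the file creation mask seen by every other thread of the caller until the restore at out_unlock. The comment directly below says the storage is created in a different task from the one that executes the template; calling umask(0022) inside those tasks would confine the change to them and make the save and restore unnecessary. If the call stays here, a short code comment on why 022 is forced (the too loose / too strict reasoning from the commit message) would help the next reader.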
@@ -1830,6 +1833,7 @@ static bool do_lxcapi_create(struct lxc_container *c, const char *t,
ret = load_config_locked(c, c->configfile);
out_unlock:
+ umask(mask);
if (partial_fd >= 0)
remove_partial(c, partial_fd);
out:
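Review bot: `umask(mask);` sits under out_unlock only, so the caller's umask is restored only on paths that pass through that label. Please confirm that no error path after `mask = umask(0022);` jumps straight to out, which would leave the caller running with 022, and that no goto out_unlock can be reached before the assignment, since mask is declared without an initializer and would then be passed to umask() uninitialized. Initializing mask at its declaration, or guarding the restore with a flag, would make this robust against error paths added later.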