From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Mon, 28 May 2018 09:01:30 +0000 (+0200)
Subject: nspawn: reset umask early
X-Git-Tag: v239~197^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F9104%2Fhead;p=thirdparty%2Fsystemd.git

nspawn: reset umask early

Fixes #8911.
---

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 35bdd89cb8b..2548c989a91 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2618,8 +2618,6 @@ static int inner_child(
                 return r;
         kmsg_socket = safe_close(kmsg_socket);
 
-        umask(0022);
-
         if (setsid() < 0)
                 return log_error_errno(errno, "setsid() failed: %m");
 
@@ -4238,6 +4236,11 @@ int main(int argc, char *argv[]) {
                 }
         }
 
+        /* The "default" umask. This is appropriate for most file and directory
+        * operations performed by nspawn, and is the umask that will be used for
+        * the child. Functions like copy_devnodes() change the umask temporarily. */
+        umask(0022);
+
         if (arg_directory) {
                 assert(!arg_image);