From 83e803a9efe1c233582287d5eac49a4a5b12e0c4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 28 May 2018 11:01:30 +0200
Subject: [PATCH] nspawn: reset umask early

Fixes #8911.
---
 src/nspawn/nspawn.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 35bdd89cb8b..2548c989a91 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -2618,8 +2618,6 @@ static int inner_child(
                 return r;
         kmsg_socket = safe_close(kmsg_socket);
 
-        umask(0022);
-
         if (setsid() < 0)
                 return log_error_errno(errno, "setsid() failed: %m");
 
@@ -4238,6 +4236,11 @@ int main(int argc, char *argv[]) {
                 }
         }
 
+        /* The "default" umask. This is appropriate for most file and directory
+        * operations performed by nspawn, and is the umask that will be used for
+        * the child. Functions like copy_devnodes() change the umask temporarily. */
+        umask(0022);
+
         if (arg_directory) {
                 assert(!arg_image);
 
-- 
2.47.3