From dc4df233595daa1b6eaa5a18d495b0a995660f7f Mon Sep 17 00:00:00 2001 From: Alexander Mikhalitsyn Date: Tue, 2 Apr 2024 12:55:19 +0200 Subject: [PATCH] lxc/lxccontainer: specify file mode in open() call inside mod_rdep We must explicitly specify file mode in open(.. O_CREAT ..). Let's set 0644, while previously it was 0666 [1] which seems too much. [1] https://sourceware.org/git/?p=glibc.git;a=blob;f=libio/fileops.c;h=4db4a76f755b1f3b766dc47c669c09242395ec95;hb=HEAD#l216 Fixes: Coverity 1596044 Signed-off-by: Alexander Mikhalitsyn --- src/lxc/lxccontainer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 017e86a09..aeae0c31c 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -2705,7 +2705,7 @@ static bool mod_rdep(struct lxc_container *c0, struct lxc_container *c, bool inc /* Here we know that we have or can use an lxc-snapshot file * using the new format. */ if (inc) { - fd = open(path, O_APPEND | O_WRONLY | O_CREAT | O_CLOEXEC); + fd = open(path, O_APPEND | O_WRONLY | O_CREAT | O_CLOEXEC, 0644); if (fd < 0) goto out; -- 2.47.2