Add support for umask when exec container

Signed-off-by: WangXiaoSong <wang.xiaosong1@zte.com.cn>
2025-09-26 19:41:35 +08:00 · 2022-11-11 17:25:22 +08:00
parent 5a0642d6fd
commit 7b4c3fc111
2 changed files with 9 additions and 0 deletions
--- a/libcontainer/setns_init_linux.go
+++ b/libcontainer/setns_init_linux.go
@@ -59,6 +59,10 @@ func (l *linuxSetnsInit) Init() error {
 			return err
 		}
 	}
+	if l.config.Config.Umask != nil {
+		unix.Umask(int(*l.config.Config.Umask))
+	}
+
 	if err := selinux.SetExecLabel(l.config.ProcessLabel); err != nil {
 		return err
 	}
--- a/tests/integration/umask.bats
+++ b/tests/integration/umask.bats
@@ -21,4 +21,9 @@ function teardown() {
 	[ "$status" -eq 0 ]
 	# umask 63 decimal = umask 77 octal
 	[[ "${output}" == *"77"* ]]
+
+	runc exec test_busybox grep '^Umask:' "/proc/self/status"
+	[ "$status" -eq 0 ]
+	# umask 63 decimal = umask 77 octal
+	[[ "${output}" == *"77"* ]]
 }