main: Set the umask to 0077

This ensures that all created filed are only read/write for the current user. Fixes: #1240 Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2024-10-05 13:05:45 +00:00 · 2020-05-27 14:37:41 +01:00 · 2020-05-27 14:37:41 +01:00 · 3497eeff49
commit 3497eeff49
parent c1d15de7fc
1 changed files with 3 additions and 0 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -359,6 +359,9 @@ fn start_vmm(cmd_arguments: ArgMatches) {
 }

 fn main() {
+    // Ensure all created files (.e.g sockets) are only accessible by this user
+    let _ = unsafe { libc::umask(0o077) };
+
    let pid = unsafe { libc::getpid() };
    let uid = unsafe { libc::getuid() };