External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2025-02-22 11:22:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

main: Set the umask to 0077

Browse Source 
This ensures that all created filed are only read/write for the current user.

Fixes: #1240

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
This commit is contained in:
Rob Bradford 2020-05-27 14:37:41 +01:00
parent c1d15de7fc
commit 3497eeff49
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main.rs
View File

@ -359,6 +359,9 @@ fn start_vmm(cmd_arguments: ArgMatches) {
} }
fn main() { fn main() {
// Ensure all created files (.e.g sockets) are only accessible by this user
let _ = unsafe { libc::umask(0o077) };
let pid = unsafe { libc::getpid() }; let pid = unsafe { libc::getpid() };
let uid = unsafe { libc::getuid() }; let uid = unsafe { libc::getuid() };