From 38d7ef9865ff7336a4260623f515ee3577187e4c Mon Sep 17 00:00:00 2001
From: suoxiaocong <suoxiaocong@kylinos.cn>
Date: Mon, 28 Mar 2022 11:58:25 +0800
Subject: [PATCH] set umask to 0022

---
 0004-set-umask-to-0022.patch | 24 ++++++++++++++++++++++++
 podman.spec                  |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 0004-set-umask-to-0022.patch

diff --git a/0004-set-umask-to-0022.patch b/0004-set-umask-to-0022.patch
new file mode 100644
index 0000000..cc7a65e
--- /dev/null
+++ b/0004-set-umask-to-0022.patch
@@ -0,0 +1,24 @@
+From d14b291ebf2f8ae14b03bebd0f32b806b0e94332 Mon Sep 17 00:00:00 2001
+From: suoxiaocong <suoxiaocong@kylinos.cn>
+Date: Mon, 28 Mar 2022 11:52:20 +0800
+Subject: [PATCH] change umask
+
+---
+ .../cmd/podman/main.go                                           | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cmd/podman/main.go b/cmd/podman/main.go
+index d4c8454..7ab095e 100644
+--- a/cmd/podman/main.go
++++ b/cmd/podman/main.go
+@@ -155,6 +155,7 @@ func main() {
+ 		} else {
+ 			logrus.Info("running as rootless")
+ 		}
++		syscall.Umask(0022)
+ 
+ 		if logLevel == "debug" {
+ 			debug = true
+-- 
+2.20.1
+
diff --git a/podman.spec b/podman.spec
index d9d5a2f..122824f 100644
--- a/podman.spec
+++ b/podman.spec
@@ -117,6 +117,7 @@ Patch4:   CVE-2021-20188-PRE3.patch
 Patch5:   CVE-2021-20188.patch
 Patch6:   0002-Fix-the-invalid-memory-address-reference.patch
 Patch7:   0003-eat-signal-23-in-signal-proxy.patch
+Patch8:   0004-set-umask-to-0022.patch
 
 %description
 Podman manages the entire container ecosystem which includes pods,
-- 
Gitee