Merge pull request #642 from Furisto/umask

Support umask

crates/libcontainer/src/process/container_init_process.rs

@@ -9,7 +9,9 @@ use crate::{
 use anyhow::{bail, Context, Result};
 use nix::mount::MsFlags;
 use nix::sched::CloneFlags;
+use nix::sys::stat::Mode;
 use nix::unistd::setsid;
+
 use nix::{
     fcntl,
     unistd::{self, Gid, Uid},
@@ -296,6 +298,14 @@ pub fn container_init_process(
         )?
     }
 
+    if let Some(umask) = proc.user().umask() {
+        if let Some(mode) = Mode::from_bits(umask) {
+            nix::sys::stat::umask(mode);
+        } else {
+            bail!("invalid umask {}", umask);
+        }
+    }
+
     if let Some(paths) = linux.readonly_paths() {
         // mount readonly path
         for path in paths {