main: Set the umask to 0077

This ensures that all created filed are only read/write for the current user.

Fixes: #1240

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

src/main.rs

@@ -359,6 +359,9 @@ fn start_vmm(cmd_arguments: ArgMatches) {
 }
 
 fn main() {
+    // Ensure all created files (.e.g sockets) are only accessible by this user
+    let _ = unsafe { libc::umask(0o077) };
+
     let pid = unsafe { libc::getpid() };
     let uid = unsafe { libc::getuid() };