From 3497eeff49a8ee9d54bb72b1f477493165122ca4 Mon Sep 17 00:00:00 2001
From: Rob Bradford
Date: Wed, 27 May 2020 14:37:41 +0100
Subject: [PATCH] main: Set the umask to 0077

This ensures that all created filed are only read/write for the current user.

Fixes: #1240
Signed-off-by: Rob Bradford
---
 src/main.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/main.rs b/src/main.rs
index d9238ea61..f7c3a7420 100755
--- a/src/main.rs
+++ b/src/main.rs
@@ -359,6 +359,9 @@ fn start_vmm(cmd_arguments: ArgMatches) {
 }
 
 fn main() {
+ // Ensure all created files (.e.g sockets) are only accessible by this user
+ let _ = unsafe { libc::umask(0o077) };
+
 let pid = unsafe { libc::getpid() };
 let uid = unsafe { libc::getuid() };
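Review bot: The new `unsafe { libc::umask(0o077) }` at the top of `main()` has no `// SAFETY:` justification, and its comment undersells the scope of the call: the mask is process-wide, is inherited by any child process started later, and only constrains files, directories and sockets created after this point, so a pre-existing path keeps whatever mode it already had. I would reword the comment to `// Restrict newly created files (e.g. sockets) to the current user; process-wide and inherited by children.` and add `// SAFETY: umask() cannot fail and touches no memory; called before any thread is spawned.` — the second half is inferred from the call being the first statement of `main()`. Anything that must be reachable by another user or group (an API socket for a client under a different uid, for example) will now need an explicit chmod, which is worth a line in the docs. `main()` continues past the end of the hunk.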