Since stipping S_SIGID should check S_IXGRP, so umask it to check whether works well. Signed-off-by: Yang Xu <xuyang2018.jy@xxxxxxxxxxx> --- If we enable acl on parent directory, then umask is useless, maybe we also add setfacl on parent directory because we may change the order about strip S_ISGID and posix_acl setup. Any idea? src/idmapped-mounts/idmapped-mounts.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/idmapped-mounts/idmapped-mounts.c b/src/idmapped-mounts/idmapped-mounts.c index 1e2f3904..30292426 100644 --- a/src/idmapped-mounts/idmapped-mounts.c +++ b/src/idmapped-mounts/idmapped-mounts.c @@ -7843,6 +7843,7 @@ static int setgid_create(void) int file1_fd = -EBADF; pid_t pid; + umask(S_IXGRP); if (!caps_supported()) return 0; @@ -8040,6 +8041,8 @@ static int setgid_create_idmapped(void) }; pid_t pid; + umask(S_IXGRP); + if (!caps_supported()) return 0; @@ -8166,6 +8169,7 @@ static int setgid_create_idmapped_in_userns(void) }; pid_t pid; + umask(S_IXGRP); if (!caps_supported()) return 0; -- 2.27.0
