From f1f844daabdacf46f6237ddf0a90c370dbe2348a Mon Sep 17 00:00:00 2001 From: Chong Cai Date: Thu, 17 Sep 2020 16:27:01 -0700 Subject: Set mode when creating Merkle tree file PiperOrigin-RevId: 332340342 --- pkg/sentry/fsimpl/verity/filesystem.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go index f86a6a0b2..d00340802 100644 --- a/pkg/sentry/fsimpl/verity/filesystem.go +++ b/pkg/sentry/fsimpl/verity/filesystem.go @@ -372,6 +372,7 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry, Path: fspath.Parse(childMerkleFilename), }, &vfs.OpenOptions{ Flags: linux.O_RDWR | linux.O_CREAT, + Mode: 0644, }) if err != nil { return nil, err -- cgit v1.2.3