Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r--src/firejail/sandbox.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 7922da9b9..66881c040 100644
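--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -126,6 +126,19 @@ void save_nogroups(void) {
 
 }
 
+void save_umask(void) {
+ FILE *fp = fopen(RUN_UMASK_FILE, "wxe");
+ if (fp) {
+ fprintf(fp, "%o\n", orig_umask);
+ SET_PERMS_STREAM(fp, 0, 0, 0644); // assume mode 0644
+ fclose(fp);
+ }
+ else {
+ fprintf(stderr, "Error: cannot save umask\n");
+ exit(1);
+ }
+}
+
 static void sandbox_if_up(Bridge *br) {
  assert(br);
  if (!br->configured)
@@ -367,6 +380,9 @@ void start_application(int no_sandbox) {
  env_defaults();
  env_apply();
  }
+ // restore original umask
+ umask(orig_umask);
+
  if (arg_debug) {
  printf("starting application\n");
  printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));
@@ -555,6 +571,11 @@ int sandbox(void* sandbox_arg) {
  fs_logger("install mount namespace");
 
  //****************************
+ // save the umask
+ //****************************
+ save_umask();
+
+ //****************************
  // netfilter
  //****************************
  if (arg_netfilter && any_bridge_configured()) { // assuming by default the client filter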
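Review bot: In the new save_umask() (first hunk) the results of `fprintf(fp, "%o\n", orig_umask)` and `fclose(fp)` are ignored, so a failed or short write leaves an empty or truncated RUN_UMASK_FILE while the sandbox continues as if the value had been recorded. Only the fopen() failure reaches `exit(1)`; a write failure should take the same path, for example `if (fprintf(fp, "%o\n", orig_umask) < 0 || fflush(fp) != 0) { fprintf(stderr, "Error: cannot save umask\n"); exit(1); }` before SET_PERMS_STREAM. Whatever later reads this file is not part of this diff; it should parse the content strictly as octal and mask it to the permission bits before handing it to umask(). The comment `// assume mode 0644` would also be more useful if it said who is expected to read the file and why world-readable is acceptable.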