From 5a80770e8e4e0150a57a9870dd9cbf2c85dafb6e Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Fri, 22 Jul 2022 14:16:25 +0200
Subject: [PATCH] API: libpod/create use correct default umask

Make sure containers created via API have the correct umask from
containers.conf set.

Fixes #15036

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 pkg/api/handlers/libpod/containers_create.go | 3 +++
 test/apiv2/20-containers.at                  | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index e4964d6022..1307c267a7 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -31,6 +31,9 @@ func CreateContainer(w http.ResponseWriter, r *http.Request) {
 		ContainerNetworkConfig: specgen.ContainerNetworkConfig{
 			UseImageHosts: conf.Containers.NoHosts,
 		},
+		ContainerSecurityConfig: specgen.ContainerSecurityConfig{
+			Umask: conf.Containers.Umask,
+		},
 	}
 
 	if err := json.NewDecoder(r.Body).Decode(&sg); err != nil {
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 6ef4ef917a..a8d9baef3f 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -123,7 +123,8 @@ t GET    libpod/containers/${cid}/json 200 \
   .Id=$cid \
   .State.Status~\\\(exited\\\|stopped\\\) \
   .State.Running=false \
-  .State.ExitCode=0
+  .State.ExitCode=0 \
+  .Config.Umask=0022 # regression check for #15036
 t DELETE libpod/containers/$cid 200 .[0].Id=$cid
 
 CNAME=myfoo