From 9082857dc8e1e362a8131114c4ca5c9169546604 Mon Sep 17 00:00:00 2001
From: Ashley Cui <acui@redhat.com>
Date: Mon, 21 Jun 2021 23:44:51 -0400
Subject: [PATCH] Allow /etc/containers/containers.conf to be read by non-root

If a root user writes to a config using Write(), and there is not already an /etc/containers/containers.conf, Write() will create it. This config file also needs to be read by non-root podman.

Signed-off-by: Ashley Cui <acui@redhat.com>
---
 pkg/config/config.go            | 2 +-
 pkg/config/config_local_test.go | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/pkg/config/config.go b/pkg/config/config.go
index 9ac71c6c8..6fad393fa 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -981,7 +981,7 @@ func (c *Config) Write() error {
 	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil {
 		return err
 	}
-	configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0600)
+	configFile, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0644)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/config/config_local_test.go b/pkg/config/config_local_test.go
index c621dd0d1..2c51cbb41 100644
--- a/pkg/config/config_local_test.go
+++ b/pkg/config/config_local_test.go
@@ -276,6 +276,11 @@ var _ = Describe("Config Local", func() {
 		err = config.Write()
 		// Then
 		gomega.Expect(err).To(gomega.BeNil())
+		fi, err := os.Stat(tmpfile)
+		gomega.Expect(err).To(gomega.BeNil())
+		perm := int(fi.Mode().Perm())
+		// 436 decimal = 644 octal
+		gomega.Expect(perm).To(gomega.Equal(420))
 		defer os.Remove(tmpfile)
 	})
 	It("Default Umask", func() {