From 3305221eefd18ba7712a308c1fb05d4eeeac2cc6 Mon Sep 17 00:00:00 2001
From: Yong Tang <yong.tang.github@outlook.com>
Date: Sun, 28 Jan 2018 07:13:48 +0000
Subject: [PATCH] Fix secret and config mode issue

This fix tries to address the issue raised in 36042
where secret and config are not configured with the
specified file mode.

This fix update the file mode so that it is not impacted
with umask.

Additional tests have been added.

This fix fixes 36042.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
---
 daemon/container_operations_unix.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go
index a123df3a9a..0aaa6c2253 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
@@ -239,6 +239,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for secret")
 		}
+		if err := os.Chmod(fPath, s.File.Mode); err != nil {
+			return errors.Wrap(err, "error setting file mode for secret")
+		}
 	}
 
 	label.Relabel(localMountPath, c.MountLabel, false)
@@ -320,6 +323,9 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for config")
 		}
+		if err := os.Chmod(fPath, configRef.File.Mode); err != nil {
+			return errors.Wrap(err, "error setting file mode for config")
+		}
 
 		label.Relabel(fPath, c.MountLabel, false)
 	}