From a89d6ea1ef557af2d7f78a71e24dc43c2509fe0b Mon Sep 17 00:00:00 2001
From: Klaus Reuter <khr@mpcdf.mpg.de>
Date: Tue, 24 Oct 2023 11:32:17 +0200
Subject: [PATCH] restrict permissions of the mount point

---
 condainer/condainer.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/condainer/condainer.py b/condainer/condainer.py
index 5827f98..3a507c9 100644
--- a/condainer/condainer.py
+++ b/condainer/condainer.py
@@ -273,7 +273,7 @@ def build(args):
         sys.exit(1)
     else:
         try:
-            os.makedirs(env_directory, exist_ok=True)
+            os.makedirs(env_directory, exist_ok=True, mode=0o700)
             create_base_environment(cfg)
             create_condainer_environment(cfg)
             clean_environment(cfg)
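Review bot: `mode=0o700` is applied only when `os.makedirs` itself creates the leaf directory, so with `exist_ok=True` a pre-existing `env_directory` keeps its current owner and permissions, and since Python 3.7 any parent directories created on the way get the default mode instead. If the path can live in a shared location (where `get_env_directory` points is not visible here), the restriction is therefore not guaranteed after this call. Consider verifying the result, e.g. `st = os.stat(env_directory)` followed by `if st.st_uid != os.getuid() or st.st_mode & 0o077:` and then either aborting or calling `os.chmod(env_directory, 0o700)`. The identical call in `mount()` in the second hunk has the same gap; `build()` starts and ends outside this hunk.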
@@ -295,7 +295,7 @@ def mount(args):
             print("hint: condainer already mounted")
     else:
         env_directory = get_env_directory(cfg)
-        os.makedirs(env_directory, exist_ok=True)
+        os.makedirs(env_directory, exist_ok=True, mode=0o700)
         squashfs_image = get_image_filename(cfg)
         cmd = f"squashfuse {squashfs_image} {env_directory}".split()
         proc = subprocess.Popen(cmd, shell=False)
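Review bot: The command right after the changed `makedirs` call is built with `f"...".split()`, so an image path or mount directory containing whitespace is split into extra arguments to `squashfuse`, even though `shell=False` rules out shell interpretation. Passing the list directly avoids that: `cmd = ["squashfuse", squashfs_image, env_directory]`. This line is unchanged context rather than part of the commit, and `mount()` continues outside the hunk.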
-- 
GitLab