From ada4664429a486e5bde8859fa985842dd2e4098c Mon Sep 17 00:00:00 2001
From: Ruslan Kuprieiev <kupruser@gmail.com>
Date: Tue, 16 Sep 2014 13:34:00 +0400
Subject: [PATCH] security: change CR_FD_PERM from rw-rw-r-- to rw-r--r--

This makes only root to be able to modify images by default.
When using criu with suid bit set, group of the images is set
to user group, which is not safe, considering current CR_FD_PERM.

Signed-off-by: Ruslan Kuprieiev <kupruser@gmail.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
---
 include/crtools.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/crtools.h b/include/crtools.h
index 75047fc0e..a51886e29 100644
--- a/include/crtools.h
+++ b/include/crtools.h
@@ -7,7 +7,7 @@
 #include "asm/types.h"
 #include "servicefd.h"
 
-#define CR_FD_PERM		(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH)
+#define CR_FD_PERM		(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH)
 
 extern int check_img_inventory(void);
 extern int write_img_inventory(void);