From 4cb0839e417bd517cf721f4df73b55af9334401f Mon Sep 17 00:00:00 2001
From: Derek McGowan
Date: Wed, 26 Apr 2017 14:40:36 -0700
Subject: [PATCH] Ensure grpc socket is group writable

Updates the filemode on the grpc socket to have group write permission which is needed to perform GRPC. Additionally, ensure the run directory has the specified group ownership and has group read and enter permission.

Signed-off-by: Derek McGowan
---
 cmd/containerd/main_unix.go | 6 ++++++
 sys/socket_unix.go | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/cmd/containerd/main_unix.go b/cmd/containerd/main_unix.go
index 6aa5626d2..74274f211 100644
--- a/cmd/containerd/main_unix.go
+++ b/cmd/containerd/main_unix.go
@@ -35,6 +35,12 @@ func platformInit(context *cli.Context) error {
 return err
 }
 }
+ if err := os.MkdirAll(conf.State, 0750); err != nil {
+ return err
+ }
+ if err := os.Chown(conf.State, conf.GRPC.Uid, conf.GRPC.Gid); err != nil {
+ return err
+ }
 return nil
 }
diff --git a/sys/socket_unix.go b/sys/socket_unix.go
index e5f2ba6c1..cd361c25e 100644
--- a/sys/socket_unix.go
+++ b/sys/socket_unix.go
@@ -28,6 +28,11 @@ func GetLocalListener(path string, uid, gid int) (net.Listener, error) {
 return l, err
 }
+ if err := os.Chmod(path, 0660); err != nil {
+ l.Close()
+ return nil, err
+ }
+
 if err := os.Chown(path, uid, gid); err != nil {
 l.Close()
 return nil, err
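Review bot: In cmd/containerd/main_unix.go, `os.Chown(conf.State, conf.GRPC.Uid, conf.GRPC.Gid)` makes the gRPC uid the owner of the whole state directory, and at mode 0750 the owner can create, rename and delete entries there, while the description only asks for group ownership with read and enter permission. If only group access is intended, `os.Chown(conf.State, -1, conf.GRPC.Gid)` leaves the owner unchanged. Separately, `os.MkdirAll` applies 0750 only when it creates the directory, and then subject to the umask, so a pre-existing directory keeps whatever mode it had; an explicit `os.Chmod(conf.State, 0750)` after it would make the result deterministic. The start of platformInit is outside the hunk.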
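Review bot: In sys/socket_unix.go, the new `os.Chmod(path, 0660)` in GetLocalListener makes membership of the chosen group the only access control on the gRPC socket, and nothing in the code says so. A comment such as `// 0660: owner and group may connect; every member of gid can call the gRPC API` would make that trust decision visible to whoever configures the gid. Both this chmod and the chown after it act on the path rather than on the bound socket, so they rely on the parent directory not being writable by other users, which cannot be confirmed from the hunk. GetLocalListener starts and ends outside the hunk.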