From 6eb91f7e0f5e05f53b6d486623607b9385a04984 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathias=20Bj=C3=B6rkqvist?= <mathias.bjorkqvist@dfinity.org>
Date: Tue, 4 Apr 2023 11:24:16 +0200
Subject: [PATCH] feat(crypto): CRP-1974: Add umask for crypto-csp process

---
 ic-os/guestos/rootfs/etc/systemd/system/ic-crypto-csp.service | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ic-os/guestos/rootfs/etc/systemd/system/ic-crypto-csp.service b/ic-os/guestos/rootfs/etc/systemd/system/ic-crypto-csp.service
index 476de52ff08..6c356b9d306 100644
--- a/ic-os/guestos/rootfs/etc/systemd/system/ic-crypto-csp.service
+++ b/ic-os/guestos/rootfs/etc/systemd/system/ic-crypto-csp.service
@@ -11,6 +11,7 @@ Requires=ic-crypto-csp.socket
 StartLimitIntervalSec=0
 
 [Service]
+UMask=066
 User=ic-csp-vault
 Environment=RUST_BACKTRACE=1
 # When starting ic-crypto-csp, ideally --replica-config-file would directly point to