From 6da7a8d56217b0c601a56b9e5ac8e5cc1a7c160f Mon Sep 17 00:00:00 2001
From: ver4a <ver4a@uncontrol.me>
Date: Sat, 16 Nov 2024 01:03:25 +0100
Subject: [PATCH] Restrict permissions on quadlet directory

---
 Dockerfile.gnome | 3 +++
 Dockerfile.kde   | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/Dockerfile.gnome b/Dockerfile.gnome
index e733aa7..b8afc87 100644
--- a/Dockerfile.gnome
+++ b/Dockerfile.gnome
@@ -30,5 +30,8 @@ COPY etc /etc
 RUN firewall-offline-cmd --set-default-zone public
 RUN firewall-offline-cmd --remove-service ssh
 
+# Restrict permissions on quadlet directory
+RUN chmod 700 /etc/containers/systemd
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit
diff --git a/Dockerfile.kde b/Dockerfile.kde
index ce846db..b82bf7d 100644
--- a/Dockerfile.kde
+++ b/Dockerfile.kde
@@ -30,5 +30,8 @@ COPY etc /etc
 RUN firewall-offline-cmd --set-default-zone public
 RUN firewall-offline-cmd --remove-service ssh
 
+# Restrict permissions on quadlet directory
+RUN chmod 700 /etc/containers/systemd
+
 # https://github.com/ostreedev/ostree-rs-ext/issues/159
 RUN ostree container commit