summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2020-08-06 18:13:55 -0700
committergVisor bot <gvisor-bot@google.com>2020-08-06 18:16:21 -0700
commitf20e63e31b56784c596897e86f03441f9d05f567 (patch)
tree99139042eb7d7caeaa0dfcc866a303b14aa8e42c
parent90021e775a6e8059ea4f4262a16c4f962d3b9732 (diff)
Add LinkAt support to gofer
Updates #1198 PiperOrigin-RevId: 325350818
-rw-r--r--images/basic/linktest/Dockerfile7
-rw-r--r--images/basic/linktest/link_test.c93
-rw-r--r--pkg/sentry/fsimpl/gofer/filesystem.go26
-rw-r--r--pkg/sentry/fsimpl/gofer/gofer.go2
-rwxr-xr-xscripts/docker_tests.sh2
-rw-r--r--test/e2e/integration_test.go18
6 files changed, 143 insertions, 5 deletions
diff --git a/images/basic/linktest/Dockerfile b/images/basic/linktest/Dockerfile
new file mode 100644
index 000000000..baebc9b76
--- /dev/null
+++ b/images/basic/linktest/Dockerfile
@@ -0,0 +1,7 @@
+FROM ubuntu:bionic
+
+WORKDIR /root
+COPY . .
+
+RUN apt-get update && apt-get install -y gcc
+RUN gcc -O2 -o link_test link_test.c
diff --git a/images/basic/linktest/link_test.c b/images/basic/linktest/link_test.c
new file mode 100644
index 000000000..45ab00abe
--- /dev/null
+++ b/images/basic/linktest/link_test.c
@@ -0,0 +1,93 @@
+// Copyright 2020 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <err.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+// Basic test for linkat(2). Syscall tests requires CAP_DAC_READ_SEARCH and it
+// cannot use tricks like userns as root. For this reason, run a basic link test
+// to ensure some coverage.
+int main(int argc, char** argv) {
+ const char kOldPath[] = "old.txt";
+ int fd = open(kOldPath, O_RDWR | O_CREAT | O_TRUNC, 0600);
+ if (fd < 0) {
+ errx(1, "open(%s) failed", kOldPath);
+ }
+ const char kData[] = "some random content";
+ if (write(fd, kData, sizeof(kData)) < 0) {
+ err(1, "write failed");
+ }
+ close(fd);
+
+ struct stat old_stat;
+ if (stat(kOldPath, &old_stat)) {
+ errx(1, "stat(%s) failed", kOldPath);
+ }
+
+ const char kNewPath[] = "new.txt";
+ if (link(kOldPath, kNewPath)) {
+ errx(1, "link(%s, %s) failed", kOldPath, kNewPath);
+ }
+
+ struct stat new_stat;
+ if (stat(kNewPath, &new_stat)) {
+ errx(1, "stat(%s) failed", kNewPath);
+ }
+
+ // Check that files are the same.
+ if (old_stat.st_dev != new_stat.st_dev) {
+ errx(1, "files st_dev is different, want: %lu, got: %lu", old_stat.st_dev,
+ new_stat.st_dev);
+ }
+ if (old_stat.st_ino != new_stat.st_ino) {
+ errx(1, "files st_ino is different, want: %lu, got: %lu", old_stat.st_ino,
+ new_stat.st_ino);
+ }
+
+ // Check that link count is correct.
+ if (new_stat.st_nlink != old_stat.st_nlink + 1) {
+ errx(1, "wrong nlink, want: %lu, got: %lu", old_stat.st_nlink + 1,
+ new_stat.st_nlink);
+ }
+
+ // Check taht contents are the same.
+ fd = open(kNewPath, O_RDONLY);
+ if (fd < 0) {
+ errx(1, "open(%s) failed", kNewPath);
+ }
+ char buf[sizeof(kData)] = {};
+ if (read(fd, buf, sizeof(buf)) < 0) {
+ err(1, "read failed");
+ }
+ close(fd);
+
+ if (strcmp(buf, kData) != 0) {
+ errx(1, "file content mismatch: %s", buf);
+ }
+
+ // Cleanup.
+ if (unlink(kNewPath)) {
+ errx(1, "unlink(%s) failed", kNewPath);
+ }
+ if (unlink(kOldPath)) {
+ errx(1, "unlink(%s) failed", kOldPath);
+ }
+
+ // Success!
+ return 0;
+}
diff --git a/pkg/sentry/fsimpl/gofer/filesystem.go b/pkg/sentry/fsimpl/gofer/filesystem.go
index e6af37d0d..582b744bb 100644
--- a/pkg/sentry/fsimpl/gofer/filesystem.go
+++ b/pkg/sentry/fsimpl/gofer/filesystem.go
@@ -15,6 +15,7 @@
package gofer
import (
+ "math"
"sync"
"sync/atomic"
@@ -724,8 +725,29 @@ func (fs *filesystem) LinkAt(ctx context.Context, rp *vfs.ResolvingPath, vd vfs.
if rp.Mount() != vd.Mount() {
return syserror.EXDEV
}
- // 9P2000.L supports hard links, but we don't.
- return syserror.EPERM
+ d := vd.Dentry().Impl().(*dentry)
+ if d.isDir() {
+ return syserror.EPERM
+ }
+ gid := auth.KGID(atomic.LoadUint32(&d.gid))
+ uid := auth.KUID(atomic.LoadUint32(&d.uid))
+ mode := linux.FileMode(atomic.LoadUint32(&d.mode))
+ if err := vfs.MayLink(rp.Credentials(), mode, uid, gid); err != nil {
+ return err
+ }
+ if d.nlink == 0 {
+ return syserror.ENOENT
+ }
+ if d.nlink == math.MaxUint32 {
+ return syserror.EMLINK
+ }
+ if err := parent.file.link(ctx, d.file, childName); err != nil {
+ return err
+ }
+
+ // Success!
+ atomic.AddUint32(&d.nlink, 1)
+ return nil
}, nil)
}
diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go
index 2e5575d8d..6ae796c6d 100644
--- a/pkg/sentry/fsimpl/gofer/gofer.go
+++ b/pkg/sentry/fsimpl/gofer/gofer.go
@@ -558,8 +558,6 @@ type dentry struct {
// filesystem.renameMu.
name string
- // We don't support hard links, so each dentry maps 1:1 to an inode.
-
// file is the unopened p9.File that backs this dentry. file is immutable.
//
// If file.isNil(), this dentry represents a synthetic file, i.e. a file
diff --git a/scripts/docker_tests.sh b/scripts/docker_tests.sh
index 07e9f3109..be0b0a3ec 100755
--- a/scripts/docker_tests.sh
+++ b/scripts/docker_tests.sh
@@ -23,5 +23,5 @@ test_runsc //test/image:image_test //test/e2e:integration_test
install_runsc_for_test docker --vfs2
IMAGE_FILTER="Hello|Httpd|Ruby|Stdio"
-INTEGRATION_FILTER="LifeCycle|Pause|Connect|JobControl|Overlay|Exec|DirCreation/root"
+INTEGRATION_FILTER="LifeCycle|Pause|Connect|JobControl|Overlay|Exec|DirCreation/root|Link"
test_runsc //test/e2e:integration_test //test/image:image_test --test_filter="${IMAGE_FILTER}|${INTEGRATION_FILTER}"
diff --git a/test/e2e/integration_test.go b/test/e2e/integration_test.go
index 6fe6d304f..71ec4791e 100644
--- a/test/e2e/integration_test.go
+++ b/test/e2e/integration_test.go
@@ -467,6 +467,24 @@ func TestHostOverlayfsRewindDir(t *testing.T) {
}
}
+// Basic test for linkat(2). Syscall tests requires CAP_DAC_READ_SEARCH and it
+// cannot use tricks like userns as root. For this reason, run a basic link test
+// to ensure some coverage.
+func TestLink(t *testing.T) {
+ ctx := context.Background()
+ d := dockerutil.MakeContainer(ctx, t)
+ defer d.CleanUp(ctx)
+
+ if got, err := d.Run(ctx, dockerutil.RunOpts{
+ Image: "basic/linktest",
+ WorkDir: "/root",
+ }, "./link_test"); err != nil {
+ t.Fatalf("docker run failed: %v", err)
+ } else if got != "" {
+ t.Errorf("test failed:\n%s", got)
+ }
+}
+
func TestMain(m *testing.M) {
dockerutil.EnsureSupportedDockerVersion()
flag.Parse()