Merge 4fdd560b (automated)

5 files changed, 170 insertions, 4 deletions

diff --git a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go
index 532b33b9e..5b4ad3062 100755
--- a/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go
+++ b/pkg/sentry/kernel/seqatomic_taskgoroutineschedinfo.go
@@ -2,10 +2,11 @@ package kernel
 
 import (
 	"fmt"
-	"gvisor.googlesource.com/gvisor/third_party/gvsync"
 	"reflect"
 	"strings"
 	"unsafe"
+
+	"gvisor.googlesource.com/gvisor/third_party/gvsync"
 )
 
 // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race
diff --git a/pkg/sentry/platform/ring0/defs_impl.go b/pkg/sentry/platform/ring0/defs_impl.go
index c69a36e76..b7a9f0812 100755
--- a/pkg/sentry/platform/ring0/defs_impl.go
+++ b/pkg/sentry/platform/ring0/defs_impl.go
@@ -4,11 +4,10 @@ import (
 	"fmt"
 	"gvisor.googlesource.com/gvisor/pkg/cpuid"
 	"gvisor.googlesource.com/gvisor/pkg/sentry/platform/ring0/pagetables"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
 	"io"
 	"reflect"
 	"syscall"
-
-	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
 )
 
 var (
diff --git a/pkg/sentry/time/seqatomic_parameters.go b/pkg/sentry/time/seqatomic_parameters.go
index f142c681a..54152a39a 100755
--- a/pkg/sentry/time/seqatomic_parameters.go
+++ b/pkg/sentry/time/seqatomic_parameters.go
@@ -2,10 +2,11 @@ package time
 
 import (
 	"fmt"
-	"gvisor.googlesource.com/gvisor/third_party/gvsync"
 	"reflect"
 	"strings"
 	"unsafe"
+
+	"gvisor.googlesource.com/gvisor/third_party/gvsync"
 )
 
 // SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index c1dea736f..ff7009d30 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -20,6 +20,7 @@ import (
 	mrand "math/rand"
 	"os"
 	"runtime"
+	"strings"
 	"sync"
 	"sync/atomic"
 	"syscall"
@@ -534,6 +535,24 @@ func (l *Loader) run() error {
 			return err
 		}
 
+		// Read /etc/passwd for the user's HOME directory and set the HOME
+		// environment variable as required by POSIX if it is not overridden by
+		// the user.
+		hasHomeEnvv := false
+		for _, envv := range l.rootProcArgs.Envv {
+			if strings.HasPrefix(envv, "HOME=") {
+				hasHomeEnvv = true
+			}
+		}
+		if !hasHomeEnvv {
+			homeDir, err := getExecUserHome(rootCtx, rootMns, uint32(l.rootProcArgs.Credentials.RealKUID))
+			if err != nil {
+				return fmt.Errorf("error reading exec user: %v", err)
+			}
+
+			l.rootProcArgs.Envv = append(l.rootProcArgs.Envv, "HOME="+homeDir)
+		}
+
 		// Create the root container init task. It will begin running
 		// when the kernel is started.
 		if _, _, err := l.k.CreateProcess(l.rootProcArgs); err != nil {
diff --git a/runsc/boot/user.go b/runsc/boot/user.go
new file mode 100644
index 000000000..f3de8ccff
--- /dev/null
+++ b/runsc/boot/user.go
@@ -0,0 +1,146 @@
+// Copyright 2019 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package boot
+
+import (
+	"bufio"
+	"io"
+	"strconv"
+	"strings"
+
+	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/context"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
+)
+
+type fileReader struct {
+	// Ctx is the context for the file reader.
+	Ctx context.Context
+
+	// File is the file to read from.
+	File *fs.File
+}
+
+// Read implements io.Reader.Read.
+func (r *fileReader) Read(buf []byte) (int, error) {
+	n, err := r.File.Readv(r.Ctx, usermem.BytesIOSequence(buf))
+	return int(n), err
+}
+
+// getExecUserHome returns the home directory of the executing user read from
+// /etc/passwd as read from the container filesystem.
+func getExecUserHome(ctx context.Context, rootMns *fs.MountNamespace, uid uint32) (string, error) {
+	// The default user home directory to return if no user matching the user
+	// if found in the /etc/passwd found in the image.
+	const defaultHome = "/"
+
+	// Open the /etc/passwd file from the dirent via the root mount namespace.
+	mnsRoot := rootMns.Root()
+	maxTraversals := uint(linux.MaxSymlinkTraversals)
+	dirent, err := rootMns.FindInode(ctx, mnsRoot, nil, "/etc/passwd", &maxTraversals)
+	if err != nil {
+		// NOTE: Ignore errors opening the passwd file. If the passwd file
+		// doesn't exist we will return the default home directory.
+		return defaultHome, nil
+	}
+	defer dirent.DecRef()
+
+	// Check read permissions on the file.
+	if err := dirent.Inode.CheckPermission(ctx, fs.PermMask{Read: true}); err != nil {
+		// NOTE: Ignore permissions errors here and return default root dir.
+		return defaultHome, nil
+	}
+
+	// Only open regular files. We don't open other files like named pipes as
+	// they may block and might present some attack surface to the container.
+	// Note that runc does not seem to do this kind of checking.
+	if !fs.IsRegular(dirent.Inode.StableAttr) {
+		return defaultHome, nil
+	}
+
+	f, err := dirent.Inode.GetFile(ctx, dirent, fs.FileFlags{Read: true, Directory: false})
+	if err != nil {
+		return "", err
+	}
+	defer f.DecRef()
+
+	r := &fileReader{
+		Ctx:  ctx,
+		File: f,
+	}
+
+	homeDir, err := findHomeInPasswd(uid, r, defaultHome)
+	if err != nil {
+		return "", err
+	}
+
+	return homeDir, nil
+}
+
+// findHomeInPasswd parses a passwd file and returns the given user's home
+// directory. This function does it's best to replicate the runc's behavior.
+func findHomeInPasswd(uid uint32, passwd io.Reader, defaultHome string) (string, error) {
+	s := bufio.NewScanner(passwd)
+
+	for s.Scan() {
+		if err := s.Err(); err != nil {
+			return "", err
+		}
+
+		line := strings.TrimSpace(s.Text())
+		if line == "" {
+			continue
+		}
+
+		// Pull out part of passwd entry. Loosely parse the passwd entry as some
+		// passwd files could be poorly written and for compatibility with runc.
+		//
+		// Per 'man 5 passwd'
+		// /etc/passwd contains one line for each user account, with seven
+		// fields delimited by colons (“:”). These fields are:
+		//
+		// - login name
+		// - optional encrypted password
+		// - numerical user ID
+		// - numerical group ID
+		// - user name or comment field
+		// - user home directory
+		// - optional user command interpreter
+		parts := strings.Split(line, ":")
+
+		found := false
+		homeDir := ""
+		for i, p := range parts {
+			switch i {
+			case 2:
+				parsedUID, err := strconv.ParseUint(p, 10, 32)
+				if err == nil && parsedUID == uint64(uid) {
+					found = true
+				}
+			case 5:
+				homeDir = p
+			}
+		}
+		if found {
+			// NOTE: If the uid is present but the home directory is not
+			// present in the /etc/passwd entry we return an empty string. This
+			// is, for better or worse, what runc does.
+			return homeDir, nil
+		}
+	}
+
+	return defaultHome, nil
+}