diff options
author | Michael Pratt <mpratt@google.com> | 2018-08-02 16:00:29 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-02 16:01:31 -0700 |
commit | a3927157c56cc022cefebc30c8a9b6014f5d0412 (patch) | |
tree | 7ba66f6304055151f57ab3ed113410769dfe5952 | |
parent | b6a37ab9d96b382e26e3836a42ea485c48a521a8 (diff) |
Copy creds in access
PiperOrigin-RevId: 207181631
Change-Id: Ic6205278715a9260fb970efb414fc758ea72c4c6
-rw-r--r-- | pkg/sentry/syscalls/linux/sys_file.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go index 692f11ed7..94b7ac7a5 100644 --- a/pkg/sentry/syscalls/linux/sys_file.go +++ b/pkg/sentry/syscalls/linux/sys_file.go @@ -453,7 +453,7 @@ func accessAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, resolve bool, m // uid/gid. We do this by temporarily clearing all FS-related // capabilities and switching the fsuid/fsgid around to the // real ones." -fs/open.c:faccessat - creds := t.Credentials() + creds := t.Credentials().Fork() creds.EffectiveKUID = creds.RealKUID creds.EffectiveKGID = creds.RealKGID if creds.EffectiveKUID.In(creds.UserNamespace) == auth.RootUID { |