authorKevin Krakauer <krakauer@google.com>2021-05-25 13:19:23 -0700
committergVisor bot <gvisor-bot@google.com>2021-05-25 13:21:52 -0700
commitf7bc60603e32d630598eca4663dfd9d03be5802f (patch)
tree899fc93bffc5ecee7297dfaecb7eaff2ee924b4d /pkg/sentry/fs/attr.go
parent4f2439fb0ed4a6efda2637417c7137d27e4c4d26 (diff)
setgid directories for VFS1 tmpfs, overlayfs, and goferfs
PiperOrigin-RevId: 375780659
Diffstat (limited to 'pkg/sentry/fs/attr.go')
-rw-r--r--pkg/sentry/fs/attr.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/pkg/sentry/fs/attr.go b/pkg/sentry/fs/attr.go
index b90f7c1be..4c99944e7 100644
--- a/pkg/sentry/fs/attr.go
+++ b/pkg/sentry/fs/attr.go
@@ -478,6 +478,20 @@ func (f FilePermissions) AnyRead() bool {
return f.User.Read || f.Group.Read || f.Other.Read
}
+// HasSetUIDOrGID returns true if either the setuid or setgid bit is set.
+func (f FilePermissions) HasSetUIDOrGID() bool {
+ return f.SetUID || f.SetGID
+}
+
+// DropSetUIDAndMaybeGID turns off setuid, and turns off setgid if f allows
+// group execution.
+func (f *FilePermissions) DropSetUIDAndMaybeGID() {
+ f.SetUID = false
+ if f.Group.Execute {
+ f.SetGID = false
+ }
+}
+
// FileOwner represents ownership of a file.
//
// +stateify savable
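Review bot: The doc comment on `DropSetUIDAndMaybeGID` gives the rule but not the reason setgid is kept when `f.Group.Execute` is false, and that conditional is the line most likely to be simplified into an unconditional clear later. I would add a why-comment above the `if`, for example `// setgid without group execute is not a privilege grant on Linux (it historically marked mandatory locking), so it is preserved.` The doc comment should also say when callers are expected to invoke it, presumably after a write or ownership change by a caller lacking the relevant capability, though the call sites are outside this hunk. Because neighbouring helpers such as `AnyRead` take `FilePermissions` by value, it is also worth stating that this method mutates in place, so calling it on a copy of the attributes leaves the stored setuid/setgid bits set.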