setgid directories for VFS1 tmpfs, overlayfs, and goferfs

PiperOrigin-RevId: 375780659
author: Kevin Krakauer <krakauer@google.com> 2021-05-25 13:19:23 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-05-25 13:21:52 -0700
commit: f7bc60603e32d630598eca4663dfd9d03be5802f (patch)
tree: 899fc93bffc5ecee7297dfaecb7eaff2ee924b4d /pkg/sentry/fs/gofer/file.go
parent: 4f2439fb0ed4a6efda2637417c7137d27e4c4d26 (diff)
1 files changed, 13 insertions, 3 deletions
diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go
index 819e140bc..73d80d9b5 100644
--- a/pkg/sentry/fs/gofer/file.go
+++ b/pkg/sentry/fs/gofer/file.go
@@ -237,10 +237,20 @@ func (f *fileOperations) Write(ctx context.Context, file *fs.File, src usermem.I
 	// and availability of a host-mappable FD.
 	if f.inodeOperations.session().cachePolicy.useCachingInodeOps(file.Dirent.Inode) {
 		n, err = f.inodeOperations.cachingInodeOps.Write(ctx, src, offset)
-	} else if f.inodeOperations.fileState.hostMappable != nil {
-		n, err = f.inodeOperations.fileState.hostMappable.Write(ctx, src, offset)
 	} else {
-		n, err = src.CopyInTo(ctx, f.handles.readWriterAt(ctx, offset))
+		uattr, e := f.UnstableAttr(ctx, file)
+		if e != nil {
+			return 0, e
+		}
+		if f.inodeOperations.fileState.hostMappable != nil {
+			n, err = f.inodeOperations.fileState.hostMappable.Write(ctx, src, offset, uattr)
+		} else {
+			n, err = src.CopyInTo(ctx, f.handles.readWriterAt(ctx, offset))
+			if n > 0 && uattr.Perms.HasSetUIDOrGID() {
+				uattr.Perms.DropSetUIDAndMaybeGID()
+				f.inodeOperations.SetPermissions(ctx, file.Dirent.Inode, uattr.Perms)
+			}
+		}
 	}
 
 	if n == 0 {
author	Kevin Krakauer <krakauer@google.com>	2021-05-25 13:19:23 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-05-25 13:21:52 -0700
commit	f7bc60603e32d630598eca4663dfd9d03be5802f (patch)
tree	899fc93bffc5ecee7297dfaecb7eaff2ee924b4d /pkg/sentry/fs/gofer/file.go
parent	4f2439fb0ed4a6efda2637417c7137d27e4c4d26 (diff)