setgid directories for VFS1 tmpfs, overlayfs, and goferfs

PiperOrigin-RevId: 375780659

3 files changed, 42 insertions, 6 deletions

diff --git a/pkg/sentry/fs/tmpfs/fs.go b/pkg/sentry/fs/tmpfs/fs.go
index bc117ca6a..b48d475ed 100644
--- a/pkg/sentry/fs/tmpfs/fs.go
+++ b/pkg/sentry/fs/tmpfs/fs.go
@@ -151,5 +151,5 @@ func (f *Filesystem) Mount(ctx context.Context, device string, flags fs.MountSou
 	}
 
 	// Construct the tmpfs root.
-	return NewDir(ctx, nil, owner, perms, msrc), nil
+	return NewDir(ctx, nil, owner, perms, msrc, nil /* parent */)
 }
diff --git a/pkg/sentry/fs/tmpfs/inode_file.go b/pkg/sentry/fs/tmpfs/inode_file.go
index f4de8c968..7faa822f0 100644
--- a/pkg/sentry/fs/tmpfs/inode_file.go
+++ b/pkg/sentry/fs/tmpfs/inode_file.go
@@ -226,6 +226,12 @@ func (f *fileInodeOperations) Truncate(ctx context.Context, _ *fs.Inode, size in
 		now := ktime.NowFromContext(ctx)
 		f.attr.ModificationTime = now
 		f.attr.StatusChangeTime = now
+
+		// Truncating clears privilege bits.
+		f.attr.Perms.SetUID = false
+		if f.attr.Perms.Group.Execute {
+			f.attr.Perms.SetGID = false
+		}
 	}
 	f.dataMu.Unlock()
 
@@ -363,7 +369,14 @@ func (f *fileInodeOperations) write(ctx context.Context, src usermem.IOSequence,
 	now := ktime.NowFromContext(ctx)
 	f.attr.ModificationTime = now
 	f.attr.StatusChangeTime = now
-	return src.CopyInTo(ctx, &fileReadWriter{f, offset})
+	nwritten, err := src.CopyInTo(ctx, &fileReadWriter{f, offset})
+
+	// Writing clears privilege bits.
+	if nwritten > 0 {
+		f.attr.Perms.DropSetUIDAndMaybeGID()
+	}
+
+	return nwritten, err
 }
 
 type fileReadWriter struct {
diff --git a/pkg/sentry/fs/tmpfs/tmpfs.go b/pkg/sentry/fs/tmpfs/tmpfs.go
index 577052888..6aa8ff331 100644
--- a/pkg/sentry/fs/tmpfs/tmpfs.go
+++ b/pkg/sentry/fs/tmpfs/tmpfs.go
@@ -87,7 +87,20 @@ type Dir struct {
 var _ fs.InodeOperations = (*Dir)(nil)
 
 // NewDir returns a new directory.
-func NewDir(ctx context.Context, contents map[string]*fs.Inode, owner fs.FileOwner, perms fs.FilePermissions, msrc *fs.MountSource) *fs.Inode {
+func NewDir(ctx context.Context, contents map[string]*fs.Inode, owner fs.FileOwner, perms fs.FilePermissions, msrc *fs.MountSource, parent *fs.Inode) (*fs.Inode, error) {
+	// If the parent has setgid enabled, the new directory enables it and changes
+	// its GID.
+	if parent != nil {
+		parentUattr, err := parent.UnstableAttr(ctx)
+		if err != nil {
+			return nil, err
+		}
+		if parentUattr.Perms.SetGID {
+			owner.GID = parentUattr.Owner.GID
+			perms.SetGID = true
+		}
+	}
+
 	d := &Dir{
 		ramfsDir: ramfs.NewDir(ctx, contents, owner, perms),
 		kernel:   kernel.KernelFromContext(ctx),
@@ -101,7 +114,7 @@ func NewDir(ctx context.Context, contents map[string]*fs.Inode, owner fs.FileOwn
 		InodeID:   tmpfsDevice.NextIno(),
 		BlockSize: hostarch.PageSize,
 		Type:      fs.Directory,
-	})
+	}), nil
 }
 
 // afterLoad is invoked by stateify.
@@ -219,11 +232,21 @@ func (d *Dir) SetTimestamps(ctx context.Context, i *fs.Inode, ts fs.TimeSpec) er
 func (d *Dir) newCreateOps() *ramfs.CreateOps {
 	return &ramfs.CreateOps{
 		NewDir: func(ctx context.Context, dir *fs.Inode, perms fs.FilePermissions) (*fs.Inode, error) {
-			return NewDir(ctx, nil, fs.FileOwnerFromContext(ctx), perms, dir.MountSource), nil
+			return NewDir(ctx, nil, fs.FileOwnerFromContext(ctx), perms, dir.MountSource, dir)
 		},
 		NewFile: func(ctx context.Context, dir *fs.Inode, perms fs.FilePermissions) (*fs.Inode, error) {
+			// If the parent has setgid enabled, change the GID of the new file.
+			owner := fs.FileOwnerFromContext(ctx)
+			parentUattr, err := dir.UnstableAttr(ctx)
+			if err != nil {
+				return nil, err
+			}
+			if parentUattr.Perms.SetGID {
+				owner.GID = parentUattr.Owner.GID
+			}
+
 			uattr := fs.WithCurrentTime(ctx, fs.UnstableAttr{
-				Owner: fs.FileOwnerFromContext(ctx),
+				Owner: owner,
 				Perms: perms,
 				// Always start unlinked.
 				Links: 0,