[syserror] Update syserror to linuxerr for EACCES, EBADF, and EPERM.

Update all instances of the above errors to the faster linuxerr implementation. With the temporary linuxerr.Equals(), no logical changes are made. PiperOrigin-RevId: 382306655
author: Zach Koopmans <zkoopmans@google.com> 2021-06-30 08:15:44 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-06-30 08:18:59 -0700
commit: 6ef268409620c57197b9d573e23be8cb05dbf381 (patch)
tree: 6dddb49b605335939b7ef7b23c50a3eadee5e912 /pkg/sentry/fs
parent: 66a79461a23e5e98c53a809eda442393cd6925b3 (diff)
17 files changed, 58 insertions, 53 deletions
diff --git a/pkg/sentry/fs/dev/net_tun.go b/pkg/sentry/fs/dev/net_tun.go
index 5674978bd..ae9aed7b5 100644
--- a/pkg/sentry/fs/dev/net_tun.go
+++ b/pkg/sentry/fs/dev/net_tun.go
@@ -99,7 +99,7 @@ func (n *netTunFileOperations) Ioctl(ctx context.Context, file *fs.File, io user
 	switch request {
 	case linux.TUNSETIFF:
 		if !t.HasCapability(linux.CAP_NET_ADMIN) {
-			return 0, syserror.EPERM
+			return 0, linuxerr.EPERM
 		}
 		stack, ok := t.NetworkContext().(*netstack.Stack)
 		if !ok {
diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go
index e21c9d78e..1b17aa991 100644
--- a/pkg/sentry/fs/dirent.go
+++ b/pkg/sentry/fs/dirent.go
@@ -1320,7 +1320,7 @@ func lockForRename(oldParent *Dirent, oldName string, newParent *Dirent, newName
 func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
 	uattr, err := d.Inode.UnstableAttr(ctx)
 	if err != nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	if !uattr.Perms.Sticky {
 		return nil
@@ -1333,7 +1333,7 @@ func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
 
 	vuattr, err := victim.Inode.UnstableAttr(ctx)
 	if err != nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	if vuattr.Owner.UID == creds.EffectiveKUID {
 		return nil
@@ -1341,7 +1341,7 @@ func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
 	if victim.Inode.CheckCapability(ctx, linux.CAP_FOWNER) {
 		return nil
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // MayDelete determines whether `name`, a child of `d`, can be deleted or
diff --git a/pkg/sentry/fs/gofer/path.go b/pkg/sentry/fs/gofer/path.go
index 1a6f353d0..79e165faf 100644
--- a/pkg/sentry/fs/gofer/path.go
+++ b/pkg/sentry/fs/gofer/path.go
@@ -312,7 +312,7 @@ func (i *inodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name st
 
 func (i *inodeOperations) createInternalFifo(ctx context.Context, dir *fs.Inode, name string, owner fs.FileOwner, perm fs.FilePermissions) error {
 	if i.session().overrides == nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	// Stabilize the override map while creation is in progress.
diff --git a/pkg/sentry/fs/host/host.go b/pkg/sentry/fs/host/host.go
index 081ba1dd8..9f6dbd7e9 100644
--- a/pkg/sentry/fs/host/host.go
+++ b/pkg/sentry/fs/host/host.go
@@ -17,8 +17,8 @@ package host
 
 import (
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
-	"gvisor.dev/gvisor/pkg/syserror"
 )
 
 // filesystem is a host filesystem.
@@ -40,7 +40,7 @@ func (*filesystem) Name() string {
 
 // Mount returns an error. Mounting hostfs is not allowed.
 func (*filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, dataObj interface{}) (*fs.Inode, error) {
-	return nil, syserror.EPERM
+	return nil, linuxerr.EPERM
 }
 
 // AllowUserMount prohibits users from using mount(2) with this file system.
diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go
index e299b532c..1b56f0919 100644
--- a/pkg/sentry/fs/host/inode.go
+++ b/pkg/sentry/fs/host/inode.go
@@ -17,6 +17,7 @@ package host
 import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/fd"
 	"gvisor.dev/gvisor/pkg/safemem"
 	"gvisor.dev/gvisor/pkg/secio"
@@ -113,7 +114,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
 		return nil
 	}
 	if mask.UID || mask.GID {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	if mask.Perms {
 		if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
@@ -224,43 +225,43 @@ func (i *inodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name string
 
 // Create implements fs.InodeOperations.Create.
 func (i *inodeOperations) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perm fs.FilePermissions) (*fs.File, error) {
-	return nil, syserror.EPERM
+	return nil, linuxerr.EPERM
 
 }
 
 // CreateDirectory implements fs.InodeOperations.CreateDirectory.
 func (i *inodeOperations) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CreateLink implements fs.InodeOperations.CreateLink.
 func (i *inodeOperations) CreateLink(ctx context.Context, dir *fs.Inode, oldname string, newname string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CreateHardLink implements fs.InodeOperations.CreateHardLink.
 func (*inodeOperations) CreateHardLink(context.Context, *fs.Inode, *fs.Inode, string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CreateFifo implements fs.InodeOperations.CreateFifo.
 func (*inodeOperations) CreateFifo(context.Context, *fs.Inode, string, fs.FilePermissions) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Remove implements fs.InodeOperations.Remove.
 func (i *inodeOperations) Remove(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // RemoveDirectory implements fs.InodeOperations.RemoveDirectory.
 func (i *inodeOperations) RemoveDirectory(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Rename implements fs.InodeOperations.Rename.
 func (i *inodeOperations) Rename(ctx context.Context, inode *fs.Inode, oldParent *fs.Inode, oldName string, newParent *fs.Inode, newName string, replacement bool) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Bind implements fs.InodeOperations.Bind.
@@ -313,7 +314,7 @@ func (i *inodeOperations) Check(ctx context.Context, inode *fs.Inode, p fs.PermM
 
 // SetOwner implements fs.InodeOperations.SetOwner.
 func (i *inodeOperations) SetOwner(context.Context, *fs.Inode, fs.FileOwner) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // SetPermissions implements fs.InodeOperations.SetPermissions.
diff --git a/pkg/sentry/fs/host/tty.go b/pkg/sentry/fs/host/tty.go
index 2ff520100..c7010f35c 100644
--- a/pkg/sentry/fs/host/tty.go
+++ b/pkg/sentry/fs/host/tty.go
@@ -224,7 +224,7 @@ func (t *TTYFileOperations) Ioctl(ctx context.Context, _ *fs.File, io usermem.IO
 
 		// Check that new process group is in the TTY session.
 		if pg.Session() != t.session {
-			return 0, syserror.EPERM
+			return 0, linuxerr.EPERM
 		}
 
 		t.fgProcessGroup = pg
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 41a3c2047..b8da3bdd4 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -17,6 +17,7 @@ package fs
 import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/refs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/lock"
@@ -324,7 +325,7 @@ func (i *Inode) check(ctx context.Context, p PermMask) error {
 		return overlayCheck(ctx, i.overlay, p)
 	}
 	if !i.InodeOperations.Check(ctx, i, p) {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	return nil
 }
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go
index bd1125dcc..ecd467533 100644
--- a/pkg/sentry/fs/inode_overlay.go
+++ b/pkg/sentry/fs/inode_overlay.go
@@ -569,7 +569,7 @@ func overlayGetXattr(ctx context.Context, o *overlayEntry, name string, size uin
 func overlaySetXattr(ctx context.Context, o *overlayEntry, d *Dirent, name, value string, flags uint32) error {
 	// Don't allow changes to overlay xattrs through a setxattr syscall.
 	if isXattrOverlay(name) {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	if err := copyUp(ctx, d); err != nil {
@@ -601,7 +601,7 @@ func overlayListXattr(ctx context.Context, o *overlayEntry, size uint64) (map[st
 func overlayRemoveXattr(ctx context.Context, o *overlayEntry, d *Dirent, name string) error {
 	// Don't allow changes to overlay xattrs through a removexattr syscall.
 	if isXattrOverlay(name) {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	if err := copyUp(ctx, d); err != nil {
@@ -688,7 +688,7 @@ func overlayGetlink(ctx context.Context, o *overlayEntry) (*Dirent, error) {
 		dirent.DecRef(ctx)
 
 		// Claim that the path is not accessible.
-		err = syserror.EACCES
+		err = linuxerr.EACCES
 		log.Warningf("Getlink not supported in overlay for %q", name)
 	}
 	return nil, err
diff --git a/pkg/sentry/fs/inotify.go b/pkg/sentry/fs/inotify.go
index 4e07043c7..ebdd418af 100644
--- a/pkg/sentry/fs/inotify.go
+++ b/pkg/sentry/fs/inotify.go
@@ -127,7 +127,7 @@ func (*Inotify) Readdir(context.Context, *File, DentrySerializer) (int64, error)
 
 // Write implements FileOperations.Write.
 func (*Inotify) Write(context.Context, *File, usermem.IOSequence, int64) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // Read implements FileOperations.Read.
diff --git a/pkg/sentry/fs/proc/seqfile/BUILD b/pkg/sentry/fs/proc/seqfile/BUILD
index 713b81e08..90bd32345 100644
--- a/pkg/sentry/fs/proc/seqfile/BUILD
+++ b/pkg/sentry/fs/proc/seqfile/BUILD
@@ -9,13 +9,13 @@ go_library(
     deps = [
         "//pkg/abi/linux",
         "//pkg/context",
+        "//pkg/errors/linuxerr",
         "//pkg/hostarch",
         "//pkg/sentry/fs",
         "//pkg/sentry/fs/fsutil",
         "//pkg/sentry/fs/proc/device",
         "//pkg/sentry/kernel/time",
         "//pkg/sync",
-        "//pkg/syserror",
         "//pkg/usermem",
         "//pkg/waiter",
     ],
diff --git a/pkg/sentry/fs/proc/seqfile/seqfile.go b/pkg/sentry/fs/proc/seqfile/seqfile.go
index b01688b1d..77270814e 100644
--- a/pkg/sentry/fs/proc/seqfile/seqfile.go
+++ b/pkg/sentry/fs/proc/seqfile/seqfile.go
@@ -20,13 +20,13 @@ import (
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/hostarch"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
 	"gvisor.dev/gvisor/pkg/sentry/fs/proc/device"
 	ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
 	"gvisor.dev/gvisor/pkg/sync"
-	"gvisor.dev/gvisor/pkg/syserror"
 	"gvisor.dev/gvisor/pkg/usermem"
 	"gvisor.dev/gvisor/pkg/waiter"
 )
@@ -204,7 +204,7 @@ var _ fs.FileOperations = (*seqFileOperations)(nil)
 
 // Write implements fs.FileOperations.Write.
 func (*seqFileOperations) Write(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
-	return 0, syserror.EACCES
+	return 0, linuxerr.EACCES
 }
 
 // Read implements fs.FileOperations.Read.
diff --git a/pkg/sentry/fs/proc/task.go b/pkg/sentry/fs/proc/task.go
index 7ece1377a..7a7af31e4 100644
--- a/pkg/sentry/fs/proc/task.go
+++ b/pkg/sentry/fs/proc/task.go
@@ -62,7 +62,7 @@ func getTaskMM(t *kernel.Task) (*mm.MemoryManager, error) {
 func checkTaskState(t *kernel.Task) error {
 	switch t.ExitState() {
 	case kernel.TaskExitZombie:
-		return syserror.EACCES
+		return linuxerr.EACCES
 	case kernel.TaskExitDead:
 		return syserror.ESRCH
 	}
@@ -273,7 +273,7 @@ func (e *exe) executable() (file fsbridge.File, err error) {
 	e.t.WithMuLocked(func(t *kernel.Task) {
 		mm := t.MemoryManager()
 		if mm == nil {
-			err = syserror.EACCES
+			err = linuxerr.EACCES
 			return
 		}
 
@@ -291,7 +291,7 @@ func (e *exe) executable() (file fsbridge.File, err error) {
 // Readlink implements fs.InodeOperations.
 func (e *exe) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
 	if !kernel.ContextCanTrace(ctx, e.t, false) {
-		return "", syserror.EACCES
+		return "", linuxerr.EACCES
 	}
 
 	// Pull out the executable for /proc/TID/exe.
@@ -324,7 +324,7 @@ func newCwd(ctx context.Context, t *kernel.Task, msrc *fs.MountSource) *fs.Inode
 // Readlink implements fs.InodeOperations.
 func (e *cwd) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
 	if !kernel.ContextCanTrace(ctx, e.t, false) {
-		return "", syserror.EACCES
+		return "", linuxerr.EACCES
 	}
 	if err := checkTaskState(e.t); err != nil {
 		return "", err
@@ -381,7 +381,7 @@ func (n *namespaceSymlink) Readlink(ctx context.Context, inode *fs.Inode) (strin
 // Getlink implements fs.InodeOperations.Getlink.
 func (n *namespaceSymlink) Getlink(ctx context.Context, inode *fs.Inode) (*fs.Dirent, error) {
 	if !kernel.ContextCanTrace(ctx, n.t, false) {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 	if err := checkTaskState(n.t); err != nil {
 		return nil, err
@@ -449,7 +449,7 @@ func (m *memData) GetFile(ctx context.Context, dirent *fs.Dirent, flags fs.FileF
 	// Permission to read this file is governed by PTRACE_MODE_ATTACH_FSCREDS
 	// Since we dont implement setfsuid/setfsgid we can just use PTRACE_MODE_ATTACH
 	if !kernel.ContextCanTrace(ctx, m.t, true) {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 	if err := checkTaskState(m.t); err != nil {
 		return nil, err
diff --git a/pkg/sentry/fs/ramfs/BUILD b/pkg/sentry/fs/ramfs/BUILD
index 4a3d9636b..b46567cf8 100644
--- a/pkg/sentry/fs/ramfs/BUILD
+++ b/pkg/sentry/fs/ramfs/BUILD
@@ -14,6 +14,7 @@ go_library(
     deps = [
         "//pkg/abi/linux",
         "//pkg/context",
+        "//pkg/errors/linuxerr",
         "//pkg/hostarch",
         "//pkg/sentry/fs",
         "//pkg/sentry/fs/anon",
diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go
index 19990f9db..daa396e42 100644
--- a/pkg/sentry/fs/ramfs/dir.go
+++ b/pkg/sentry/fs/ramfs/dir.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
 	"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
@@ -178,7 +179,7 @@ func (d *Dir) Children() ([]string, map[string]fs.DentAttr) {
 func (d *Dir) removeChildLocked(ctx context.Context, name string) (*fs.Inode, error) {
 	inode, ok := d.children[name]
 	if !ok {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 
 	delete(d.children, name)
@@ -311,7 +312,7 @@ func (d *Dir) createInodeOperationsCommon(ctx context.Context, name string, make
 // Create creates a new Inode with the given name and returns its File.
 func (d *Dir) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perms fs.FilePermissions) (*fs.File, error) {
 	if d.CreateOps == nil || d.CreateOps.NewFile == nil {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 
 	inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
@@ -333,7 +334,7 @@ func (d *Dir) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.F
 // CreateLink returns a new link.
 func (d *Dir) CreateLink(ctx context.Context, dir *fs.Inode, oldname, newname string) error {
 	if d.CreateOps == nil || d.CreateOps.NewSymlink == nil {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	_, err := d.createInodeOperationsCommon(ctx, newname, func() (*fs.Inode, error) {
 		return d.NewSymlink(ctx, dir, oldname)
@@ -362,7 +363,7 @@ func (d *Dir) CreateHardLink(ctx context.Context, dir *fs.Inode, target *fs.Inod
 // CreateDirectory returns a new subdirectory.
 func (d *Dir) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perms fs.FilePermissions) error {
 	if d.CreateOps == nil || d.CreateOps.NewDir == nil {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	_, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
 		return d.NewDir(ctx, dir, perms)
@@ -373,7 +374,7 @@ func (d *Dir) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, p
 // Bind implements fs.InodeOperations.Bind.
 func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport.BoundEndpoint, perms fs.FilePermissions) (*fs.Dirent, error) {
 	if d.CreateOps == nil || d.CreateOps.NewBoundEndpoint == nil {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 	inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
 		return d.NewBoundEndpoint(ctx, dir, ep, perms)
@@ -392,7 +393,7 @@ func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport
 // CreateFifo implements fs.InodeOperations.CreateFifo.
 func (d *Dir) CreateFifo(ctx context.Context, dir *fs.Inode, name string, perms fs.FilePermissions) error {
 	if d.CreateOps == nil || d.CreateOps.NewFifo == nil {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	_, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
 		return d.NewFifo(ctx, dir, perms)
diff --git a/pkg/sentry/fs/splice.go b/pkg/sentry/fs/splice.go
index ca9f645f6..fff4befb2 100644
--- a/pkg/sentry/fs/splice.go
+++ b/pkg/sentry/fs/splice.go
@@ -29,7 +29,7 @@ import (
 func Splice(ctx context.Context, dst *File, src *File, opts SpliceOpts) (int64, error) {
 	// Verify basic file flag permissions.
 	if !dst.Flags().Write || !src.Flags().Read {
-		return 0, syserror.EBADF
+		return 0, linuxerr.EBADF
 	}
 
 	// Check whether or not the objects being sliced are stream-oriented
diff --git a/pkg/sentry/fs/tmpfs/inode_file.go b/pkg/sentry/fs/tmpfs/inode_file.go
index ce6be6386..60c419b9f 100644
--- a/pkg/sentry/fs/tmpfs/inode_file.go
+++ b/pkg/sentry/fs/tmpfs/inode_file.go
@@ -218,7 +218,7 @@ func (f *fileInodeOperations) Truncate(ctx context.Context, _ *fs.Inode, size in
 		fallthrough
 	case oldSize > size && f.seals&linux.F_SEAL_SHRINK != 0: // Shrink sealed
 		f.dataMu.Unlock()
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	if oldSize != size {
@@ -279,7 +279,7 @@ func (f *fileInodeOperations) Allocate(ctx context.Context, _ *fs.Inode, offset,
 
 	// Check if current seals allow growth.
 	if f.seals&linux.F_SEAL_GROW != 0 {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	f.attr.Size = newSize
@@ -462,7 +462,7 @@ func (rw *fileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error)
 	// Check if seals prevent either file growth or all writes.
 	switch {
 	case rw.f.seals&linux.F_SEAL_WRITE != 0: // Write sealed
-		return 0, syserror.EPERM
+		return 0, linuxerr.EPERM
 	case end > rw.f.attr.Size && rw.f.seals&linux.F_SEAL_GROW != 0: // Grow sealed
 		// When growth is sealed, Linux effectively allows writes which would
 		// normally grow the file to partially succeed up to the current EOF,
@@ -483,7 +483,7 @@ func (rw *fileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error)
 		}
 		if end <= rw.offset {
 			// Truncation would result in no data being written.
-			return 0, syserror.EPERM
+			return 0, linuxerr.EPERM
 		}
 	}
 
@@ -551,7 +551,7 @@ func (f *fileInodeOperations) AddMapping(ctx context.Context, ms memmap.MappingS
 
 	// Reject writable mapping if F_SEAL_WRITE is set.
 	if f.seals&linux.F_SEAL_WRITE != 0 && writable {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	f.mappings.AddMapping(ms, ar, offset, writable)
@@ -669,7 +669,7 @@ func AddSeals(inode *fs.Inode, val uint32) error {
 
 		if f.seals&linux.F_SEAL_SEAL != 0 {
 			// Seal applied which prevents addition of any new seals.
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 
 		// F_SEAL_WRITE can only be added if there are no active writable maps.
diff --git a/pkg/sentry/fs/tty/dir.go b/pkg/sentry/fs/tty/dir.go
index 13c9dbe7d..3242dcb6a 100644
--- a/pkg/sentry/fs/tty/dir.go
+++ b/pkg/sentry/fs/tty/dir.go
@@ -22,6 +22,7 @@ import (
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/hostarch"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
@@ -170,54 +171,54 @@ func (d *dirInodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name str
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perm fs.FilePermissions) (*fs.File, error) {
-	return nil, syserror.EACCES
+	return nil, linuxerr.EACCES
 }
 
 // CreateDirectory implements fs.InodeOperations.CreateDirectory.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // CreateLink implements fs.InodeOperations.CreateLink.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateLink(ctx context.Context, dir *fs.Inode, oldname, newname string) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // CreateHardLink implements fs.InodeOperations.CreateHardLink.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateHardLink(ctx context.Context, dir *fs.Inode, target *fs.Inode, name string) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // CreateFifo implements fs.InodeOperations.CreateFifo.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // Remove implements fs.InodeOperations.Remove.
 //
 // Removal is never allowed.
 func (d *dirInodeOperations) Remove(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // RemoveDirectory implements fs.InodeOperations.RemoveDirectory.
 //
 // Removal is never allowed.
 func (d *dirInodeOperations) RemoveDirectory(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Bind implements fs.InodeOperations.Bind.
 func (d *dirInodeOperations) Bind(ctx context.Context, dir *fs.Inode, name string, data transport.BoundEndpoint, perm fs.FilePermissions) (*fs.Dirent, error) {
-	return nil, syserror.EPERM
+	return nil, linuxerr.EPERM
 }
 
 // GetFile implements fs.InodeOperations.GetFile.
author	Zach Koopmans <zkoopmans@google.com>	2021-06-30 08:15:44 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-06-30 08:18:59 -0700
commit	6ef268409620c57197b9d573e23be8cb05dbf381 (patch)
tree	6dddb49b605335939b7ef7b23c50a3eadee5e912 /pkg/sentry/fs
parent	66a79461a23e5e98c53a809eda442393cd6925b3 (diff)