Merge release-20210628.0-14-g6ef268409 (automated)

15 files changed, 56 insertions, 52 deletions

diff --git a/pkg/sentry/fs/dev/net_tun.go b/pkg/sentry/fs/dev/net_tun.go
index 5674978bd..ae9aed7b5 100644
--- a/pkg/sentry/fs/dev/net_tun.go
+++ b/pkg/sentry/fs/dev/net_tun.go
@@ -99,7 +99,7 @@ func (n *netTunFileOperations) Ioctl(ctx context.Context, file *fs.File, io user
 	switch request {
 	case linux.TUNSETIFF:
 		if !t.HasCapability(linux.CAP_NET_ADMIN) {
-			return 0, syserror.EPERM
+			return 0, linuxerr.EPERM
 		}
 		stack, ok := t.NetworkContext().(*netstack.Stack)
 		if !ok {
diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go
index e21c9d78e..1b17aa991 100644
--- a/pkg/sentry/fs/dirent.go
+++ b/pkg/sentry/fs/dirent.go
@@ -1320,7 +1320,7 @@ func lockForRename(oldParent *Dirent, oldName string, newParent *Dirent, newName
 func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
 	uattr, err := d.Inode.UnstableAttr(ctx)
 	if err != nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	if !uattr.Perms.Sticky {
 		return nil
@@ -1333,7 +1333,7 @@ func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
 
 	vuattr, err := victim.Inode.UnstableAttr(ctx)
 	if err != nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	if vuattr.Owner.UID == creds.EffectiveKUID {
 		return nil
@@ -1341,7 +1341,7 @@ func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
 	if victim.Inode.CheckCapability(ctx, linux.CAP_FOWNER) {
 		return nil
 	}
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // MayDelete determines whether `name`, a child of `d`, can be deleted or
diff --git a/pkg/sentry/fs/gofer/path.go b/pkg/sentry/fs/gofer/path.go
index 1a6f353d0..79e165faf 100644
--- a/pkg/sentry/fs/gofer/path.go
+++ b/pkg/sentry/fs/gofer/path.go
@@ -312,7 +312,7 @@ func (i *inodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name st
 
 func (i *inodeOperations) createInternalFifo(ctx context.Context, dir *fs.Inode, name string, owner fs.FileOwner, perm fs.FilePermissions) error {
 	if i.session().overrides == nil {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	// Stabilize the override map while creation is in progress.
diff --git a/pkg/sentry/fs/host/host.go b/pkg/sentry/fs/host/host.go
index 081ba1dd8..9f6dbd7e9 100644
--- a/pkg/sentry/fs/host/host.go
+++ b/pkg/sentry/fs/host/host.go
@@ -17,8 +17,8 @@ package host
 
 import (
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
-	"gvisor.dev/gvisor/pkg/syserror"
 )
 
 // filesystem is a host filesystem.
@@ -40,7 +40,7 @@ func (*filesystem) Name() string {
 
 // Mount returns an error. Mounting hostfs is not allowed.
 func (*filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, dataObj interface{}) (*fs.Inode, error) {
-	return nil, syserror.EPERM
+	return nil, linuxerr.EPERM
 }
 
 // AllowUserMount prohibits users from using mount(2) with this file system.
diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go
index e299b532c..1b56f0919 100644
--- a/pkg/sentry/fs/host/inode.go
+++ b/pkg/sentry/fs/host/inode.go
@@ -17,6 +17,7 @@ package host
 import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/fd"
 	"gvisor.dev/gvisor/pkg/safemem"
 	"gvisor.dev/gvisor/pkg/secio"
@@ -113,7 +114,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
 		return nil
 	}
 	if mask.UID || mask.GID {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 	if mask.Perms {
 		if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
@@ -224,43 +225,43 @@ func (i *inodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name string
 
 // Create implements fs.InodeOperations.Create.
 func (i *inodeOperations) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perm fs.FilePermissions) (*fs.File, error) {
-	return nil, syserror.EPERM
+	return nil, linuxerr.EPERM
 
 }
 
 // CreateDirectory implements fs.InodeOperations.CreateDirectory.
 func (i *inodeOperations) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CreateLink implements fs.InodeOperations.CreateLink.
 func (i *inodeOperations) CreateLink(ctx context.Context, dir *fs.Inode, oldname string, newname string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CreateHardLink implements fs.InodeOperations.CreateHardLink.
 func (*inodeOperations) CreateHardLink(context.Context, *fs.Inode, *fs.Inode, string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // CreateFifo implements fs.InodeOperations.CreateFifo.
 func (*inodeOperations) CreateFifo(context.Context, *fs.Inode, string, fs.FilePermissions) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Remove implements fs.InodeOperations.Remove.
 func (i *inodeOperations) Remove(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // RemoveDirectory implements fs.InodeOperations.RemoveDirectory.
 func (i *inodeOperations) RemoveDirectory(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Rename implements fs.InodeOperations.Rename.
 func (i *inodeOperations) Rename(ctx context.Context, inode *fs.Inode, oldParent *fs.Inode, oldName string, newParent *fs.Inode, newName string, replacement bool) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Bind implements fs.InodeOperations.Bind.
@@ -313,7 +314,7 @@ func (i *inodeOperations) Check(ctx context.Context, inode *fs.Inode, p fs.PermM
 
 // SetOwner implements fs.InodeOperations.SetOwner.
 func (i *inodeOperations) SetOwner(context.Context, *fs.Inode, fs.FileOwner) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // SetPermissions implements fs.InodeOperations.SetPermissions.
diff --git a/pkg/sentry/fs/host/tty.go b/pkg/sentry/fs/host/tty.go
index 2ff520100..c7010f35c 100644
--- a/pkg/sentry/fs/host/tty.go
+++ b/pkg/sentry/fs/host/tty.go
@@ -224,7 +224,7 @@ func (t *TTYFileOperations) Ioctl(ctx context.Context, _ *fs.File, io usermem.IO
 
 		// Check that new process group is in the TTY session.
 		if pg.Session() != t.session {
-			return 0, syserror.EPERM
+			return 0, linuxerr.EPERM
 		}
 
 		t.fgProcessGroup = pg
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 41a3c2047..b8da3bdd4 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -17,6 +17,7 @@ package fs
 import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/refs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/lock"
@@ -324,7 +325,7 @@ func (i *Inode) check(ctx context.Context, p PermMask) error {
 		return overlayCheck(ctx, i.overlay, p)
 	}
 	if !i.InodeOperations.Check(ctx, i, p) {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	return nil
 }
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go
index bd1125dcc..ecd467533 100644
--- a/pkg/sentry/fs/inode_overlay.go
+++ b/pkg/sentry/fs/inode_overlay.go
@@ -569,7 +569,7 @@ func overlayGetXattr(ctx context.Context, o *overlayEntry, name string, size uin
 func overlaySetXattr(ctx context.Context, o *overlayEntry, d *Dirent, name, value string, flags uint32) error {
 	// Don't allow changes to overlay xattrs through a setxattr syscall.
 	if isXattrOverlay(name) {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	if err := copyUp(ctx, d); err != nil {
@@ -601,7 +601,7 @@ func overlayListXattr(ctx context.Context, o *overlayEntry, size uint64) (map[st
 func overlayRemoveXattr(ctx context.Context, o *overlayEntry, d *Dirent, name string) error {
 	// Don't allow changes to overlay xattrs through a removexattr syscall.
 	if isXattrOverlay(name) {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	if err := copyUp(ctx, d); err != nil {
@@ -688,7 +688,7 @@ func overlayGetlink(ctx context.Context, o *overlayEntry) (*Dirent, error) {
 		dirent.DecRef(ctx)
 
 		// Claim that the path is not accessible.
-		err = syserror.EACCES
+		err = linuxerr.EACCES
 		log.Warningf("Getlink not supported in overlay for %q", name)
 	}
 	return nil, err
diff --git a/pkg/sentry/fs/inotify.go b/pkg/sentry/fs/inotify.go
index 4e07043c7..ebdd418af 100644
--- a/pkg/sentry/fs/inotify.go
+++ b/pkg/sentry/fs/inotify.go
@@ -127,7 +127,7 @@ func (*Inotify) Readdir(context.Context, *File, DentrySerializer) (int64, error)
 
 // Write implements FileOperations.Write.
 func (*Inotify) Write(context.Context, *File, usermem.IOSequence, int64) (int64, error) {
-	return 0, syserror.EBADF
+	return 0, linuxerr.EBADF
 }
 
 // Read implements FileOperations.Read.
diff --git a/pkg/sentry/fs/proc/seqfile/seqfile.go b/pkg/sentry/fs/proc/seqfile/seqfile.go
index b01688b1d..77270814e 100644
--- a/pkg/sentry/fs/proc/seqfile/seqfile.go
+++ b/pkg/sentry/fs/proc/seqfile/seqfile.go
@@ -20,13 +20,13 @@ import (
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/hostarch"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
 	"gvisor.dev/gvisor/pkg/sentry/fs/proc/device"
 	ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
 	"gvisor.dev/gvisor/pkg/sync"
-	"gvisor.dev/gvisor/pkg/syserror"
 	"gvisor.dev/gvisor/pkg/usermem"
 	"gvisor.dev/gvisor/pkg/waiter"
 )
@@ -204,7 +204,7 @@ var _ fs.FileOperations = (*seqFileOperations)(nil)
 
 // Write implements fs.FileOperations.Write.
 func (*seqFileOperations) Write(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
-	return 0, syserror.EACCES
+	return 0, linuxerr.EACCES
 }
 
 // Read implements fs.FileOperations.Read.
diff --git a/pkg/sentry/fs/proc/task.go b/pkg/sentry/fs/proc/task.go
index 7ece1377a..7a7af31e4 100644
--- a/pkg/sentry/fs/proc/task.go
+++ b/pkg/sentry/fs/proc/task.go
@@ -62,7 +62,7 @@ func getTaskMM(t *kernel.Task) (*mm.MemoryManager, error) {
 func checkTaskState(t *kernel.Task) error {
 	switch t.ExitState() {
 	case kernel.TaskExitZombie:
-		return syserror.EACCES
+		return linuxerr.EACCES
 	case kernel.TaskExitDead:
 		return syserror.ESRCH
 	}
@@ -273,7 +273,7 @@ func (e *exe) executable() (file fsbridge.File, err error) {
 	e.t.WithMuLocked(func(t *kernel.Task) {
 		mm := t.MemoryManager()
 		if mm == nil {
-			err = syserror.EACCES
+			err = linuxerr.EACCES
 			return
 		}
 
@@ -291,7 +291,7 @@ func (e *exe) executable() (file fsbridge.File, err error) {
 // Readlink implements fs.InodeOperations.
 func (e *exe) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
 	if !kernel.ContextCanTrace(ctx, e.t, false) {
-		return "", syserror.EACCES
+		return "", linuxerr.EACCES
 	}
 
 	// Pull out the executable for /proc/TID/exe.
@@ -324,7 +324,7 @@ func newCwd(ctx context.Context, t *kernel.Task, msrc *fs.MountSource) *fs.Inode
 // Readlink implements fs.InodeOperations.
 func (e *cwd) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
 	if !kernel.ContextCanTrace(ctx, e.t, false) {
-		return "", syserror.EACCES
+		return "", linuxerr.EACCES
 	}
 	if err := checkTaskState(e.t); err != nil {
 		return "", err
@@ -381,7 +381,7 @@ func (n *namespaceSymlink) Readlink(ctx context.Context, inode *fs.Inode) (strin
 // Getlink implements fs.InodeOperations.Getlink.
 func (n *namespaceSymlink) Getlink(ctx context.Context, inode *fs.Inode) (*fs.Dirent, error) {
 	if !kernel.ContextCanTrace(ctx, n.t, false) {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 	if err := checkTaskState(n.t); err != nil {
 		return nil, err
@@ -449,7 +449,7 @@ func (m *memData) GetFile(ctx context.Context, dirent *fs.Dirent, flags fs.FileF
 	// Permission to read this file is governed by PTRACE_MODE_ATTACH_FSCREDS
 	// Since we dont implement setfsuid/setfsgid we can just use PTRACE_MODE_ATTACH
 	if !kernel.ContextCanTrace(ctx, m.t, true) {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 	if err := checkTaskState(m.t); err != nil {
 		return nil, err
diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go
index 19990f9db..daa396e42 100644
--- a/pkg/sentry/fs/ramfs/dir.go
+++ b/pkg/sentry/fs/ramfs/dir.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
 	"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
@@ -178,7 +179,7 @@ func (d *Dir) Children() ([]string, map[string]fs.DentAttr) {
 func (d *Dir) removeChildLocked(ctx context.Context, name string) (*fs.Inode, error) {
 	inode, ok := d.children[name]
 	if !ok {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 
 	delete(d.children, name)
@@ -311,7 +312,7 @@ func (d *Dir) createInodeOperationsCommon(ctx context.Context, name string, make
 // Create creates a new Inode with the given name and returns its File.
 func (d *Dir) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perms fs.FilePermissions) (*fs.File, error) {
 	if d.CreateOps == nil || d.CreateOps.NewFile == nil {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 
 	inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
@@ -333,7 +334,7 @@ func (d *Dir) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.F
 // CreateLink returns a new link.
 func (d *Dir) CreateLink(ctx context.Context, dir *fs.Inode, oldname, newname string) error {
 	if d.CreateOps == nil || d.CreateOps.NewSymlink == nil {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	_, err := d.createInodeOperationsCommon(ctx, newname, func() (*fs.Inode, error) {
 		return d.NewSymlink(ctx, dir, oldname)
@@ -362,7 +363,7 @@ func (d *Dir) CreateHardLink(ctx context.Context, dir *fs.Inode, target *fs.Inod
 // CreateDirectory returns a new subdirectory.
 func (d *Dir) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perms fs.FilePermissions) error {
 	if d.CreateOps == nil || d.CreateOps.NewDir == nil {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	_, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
 		return d.NewDir(ctx, dir, perms)
@@ -373,7 +374,7 @@ func (d *Dir) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, p
 // Bind implements fs.InodeOperations.Bind.
 func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport.BoundEndpoint, perms fs.FilePermissions) (*fs.Dirent, error) {
 	if d.CreateOps == nil || d.CreateOps.NewBoundEndpoint == nil {
-		return nil, syserror.EACCES
+		return nil, linuxerr.EACCES
 	}
 	inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
 		return d.NewBoundEndpoint(ctx, dir, ep, perms)
@@ -392,7 +393,7 @@ func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport
 // CreateFifo implements fs.InodeOperations.CreateFifo.
 func (d *Dir) CreateFifo(ctx context.Context, dir *fs.Inode, name string, perms fs.FilePermissions) error {
 	if d.CreateOps == nil || d.CreateOps.NewFifo == nil {
-		return syserror.EACCES
+		return linuxerr.EACCES
 	}
 	_, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
 		return d.NewFifo(ctx, dir, perms)
diff --git a/pkg/sentry/fs/splice.go b/pkg/sentry/fs/splice.go
index ca9f645f6..fff4befb2 100644
--- a/pkg/sentry/fs/splice.go
+++ b/pkg/sentry/fs/splice.go
@@ -29,7 +29,7 @@ import (
 func Splice(ctx context.Context, dst *File, src *File, opts SpliceOpts) (int64, error) {
 	// Verify basic file flag permissions.
 	if !dst.Flags().Write || !src.Flags().Read {
-		return 0, syserror.EBADF
+		return 0, linuxerr.EBADF
 	}
 
 	// Check whether or not the objects being sliced are stream-oriented
diff --git a/pkg/sentry/fs/tmpfs/inode_file.go b/pkg/sentry/fs/tmpfs/inode_file.go
index ce6be6386..60c419b9f 100644
--- a/pkg/sentry/fs/tmpfs/inode_file.go
+++ b/pkg/sentry/fs/tmpfs/inode_file.go
@@ -218,7 +218,7 @@ func (f *fileInodeOperations) Truncate(ctx context.Context, _ *fs.Inode, size in
 		fallthrough
 	case oldSize > size && f.seals&linux.F_SEAL_SHRINK != 0: // Shrink sealed
 		f.dataMu.Unlock()
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	if oldSize != size {
@@ -279,7 +279,7 @@ func (f *fileInodeOperations) Allocate(ctx context.Context, _ *fs.Inode, offset,
 
 	// Check if current seals allow growth.
 	if f.seals&linux.F_SEAL_GROW != 0 {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	f.attr.Size = newSize
@@ -462,7 +462,7 @@ func (rw *fileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error)
 	// Check if seals prevent either file growth or all writes.
 	switch {
 	case rw.f.seals&linux.F_SEAL_WRITE != 0: // Write sealed
-		return 0, syserror.EPERM
+		return 0, linuxerr.EPERM
 	case end > rw.f.attr.Size && rw.f.seals&linux.F_SEAL_GROW != 0: // Grow sealed
 		// When growth is sealed, Linux effectively allows writes which would
 		// normally grow the file to partially succeed up to the current EOF,
@@ -483,7 +483,7 @@ func (rw *fileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error)
 		}
 		if end <= rw.offset {
 			// Truncation would result in no data being written.
-			return 0, syserror.EPERM
+			return 0, linuxerr.EPERM
 		}
 	}
 
@@ -551,7 +551,7 @@ func (f *fileInodeOperations) AddMapping(ctx context.Context, ms memmap.MappingS
 
 	// Reject writable mapping if F_SEAL_WRITE is set.
 	if f.seals&linux.F_SEAL_WRITE != 0 && writable {
-		return syserror.EPERM
+		return linuxerr.EPERM
 	}
 
 	f.mappings.AddMapping(ms, ar, offset, writable)
@@ -669,7 +669,7 @@ func AddSeals(inode *fs.Inode, val uint32) error {
 
 		if f.seals&linux.F_SEAL_SEAL != 0 {
 			// Seal applied which prevents addition of any new seals.
-			return syserror.EPERM
+			return linuxerr.EPERM
 		}
 
 		// F_SEAL_WRITE can only be added if there are no active writable maps.
diff --git a/pkg/sentry/fs/tty/dir.go b/pkg/sentry/fs/tty/dir.go
index 13c9dbe7d..3242dcb6a 100644
--- a/pkg/sentry/fs/tty/dir.go
+++ b/pkg/sentry/fs/tty/dir.go
@@ -22,6 +22,7 @@ import (
 
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/hostarch"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
 	"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
@@ -170,54 +171,54 @@ func (d *dirInodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name str
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perm fs.FilePermissions) (*fs.File, error) {
-	return nil, syserror.EACCES
+	return nil, linuxerr.EACCES
 }
 
 // CreateDirectory implements fs.InodeOperations.CreateDirectory.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // CreateLink implements fs.InodeOperations.CreateLink.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateLink(ctx context.Context, dir *fs.Inode, oldname, newname string) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // CreateHardLink implements fs.InodeOperations.CreateHardLink.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateHardLink(ctx context.Context, dir *fs.Inode, target *fs.Inode, name string) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // CreateFifo implements fs.InodeOperations.CreateFifo.
 //
 // Creation is never allowed.
 func (d *dirInodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
-	return syserror.EACCES
+	return linuxerr.EACCES
 }
 
 // Remove implements fs.InodeOperations.Remove.
 //
 // Removal is never allowed.
 func (d *dirInodeOperations) Remove(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // RemoveDirectory implements fs.InodeOperations.RemoveDirectory.
 //
 // Removal is never allowed.
 func (d *dirInodeOperations) RemoveDirectory(ctx context.Context, dir *fs.Inode, name string) error {
-	return syserror.EPERM
+	return linuxerr.EPERM
 }
 
 // Bind implements fs.InodeOperations.Bind.
 func (d *dirInodeOperations) Bind(ctx context.Context, dir *fs.Inode, name string, data transport.BoundEndpoint, perm fs.FilePermissions) (*fs.Dirent, error) {
-	return nil, syserror.EPERM
+	return nil, linuxerr.EPERM
 }
 
 // GetFile implements fs.InodeOperations.GetFile.