Add permission checks to vfs2 truncate.

- Check write permission on truncate(2). Unlike ftruncate(2), truncate(2) fails if the user does not have write permissions on the file. - For gofers under InteropModeShared, check file type before making a truncate request. We should fail early and avoid making an rpc when possible. Furthermore, depending on the remote host's failure may give us unexpected behavior--if the host converts the truncate request to an ftruncate syscall on an open fd, we will get EINVAL instead of EISDIR. Updates #2923. PiperOrigin-RevId: 322913569
author: Dean Deng <deandeng@google.com> 2020-07-23 18:46:10 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-07-23 18:52:44 -0700
commit: d9a3f5d0c7d675b3cb4519eccca341bac33456af (patch)
tree: 84a79ce511fed0dd4faf362896bc6d2be1c0cc82 /pkg/sentry/fsimpl/gofer/filesystem.go
parent: bac4ebaabfac95f7b467b9c777a890fcf31a42ae (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/fsimpl/gofer/filesystem.go b/pkg/sentry/fsimpl/gofer/filesystem.go
index 491495b16..00e3c99cd 100644
--- a/pkg/sentry/fsimpl/gofer/filesystem.go
+++ b/pkg/sentry/fsimpl/gofer/filesystem.go
@@ -1334,7 +1334,7 @@ func (fs *filesystem) SetStatAt(ctx context.Context, rp *vfs.ResolvingPath, opts
 		fs.renameMuRUnlockAndCheckCaching(&ds)
 		return err
 	}
-	if err := d.setStat(ctx, rp.Credentials(), &opts.Stat, rp.Mount()); err != nil {
+	if err := d.setStat(ctx, rp.Credentials(), &opts, rp.Mount()); err != nil {
 		fs.renameMuRUnlockAndCheckCaching(&ds)
 		return err
 	}
author	Dean Deng <deandeng@google.com>	2020-07-23 18:46:10 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-07-23 18:52:44 -0700
commit	d9a3f5d0c7d675b3cb4519eccca341bac33456af (patch)
tree	84a79ce511fed0dd4faf362896bc6d2be1c0cc82 /pkg/sentry/fsimpl/gofer/filesystem.go
parent	bac4ebaabfac95f7b467b9c777a890fcf31a42ae (diff)