setgid directory support in goferfs

Also adds support for clearing the setuid bit when appropriate (writing, truncating, changing size, changing UID, or changing GID). VFS2 only. PiperOrigin-RevId: 364661835
author: Kevin Krakauer <krakauer@google.com> 2021-03-23 15:40:17 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-03-23 15:42:12 -0700
commit: 92374e51976c8a47e4705943f73cecbc6a27073b (patch)
tree: 5f267314a82b8dbdc4638c8eb1e2c5b062890ca0 /pkg/sentry/fsimpl/gofer/regular_file.go
parent: acb4c62885629d6d3ee977b93c27282abed0b33f (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/gofer/regular_file.go b/pkg/sentry/fsimpl/gofer/regular_file.go
index 283b220bb..4f1ad0c88 100644
--- a/pkg/sentry/fsimpl/gofer/regular_file.go
+++ b/pkg/sentry/fsimpl/gofer/regular_file.go
@@ -266,6 +266,20 @@ func (fd *regularFileFD) pwrite(ctx context.Context, src usermem.IOSequence, off
 			return 0, offset, err
 		}
 	}
+
+	// As with Linux, writing clears the setuid and setgid bits.
+	if n > 0 {
+		oldMode := atomic.LoadUint32(&d.mode)
+		// If setuid or setgid were set, update d.mode and propagate
+		// changes to the host.
+		if newMode := vfs.ClearSUIDAndSGID(oldMode); newMode != oldMode {
+			atomic.StoreUint32(&d.mode, newMode)
+			if err := d.file.setAttr(ctx, p9.SetAttrMask{Permissions: true}, p9.SetAttr{Permissions: p9.FileMode(newMode)}); err != nil {
+				return 0, offset, err
+			}
+		}
+	}
+
 	return n, offset + n, nil
 }
author	Kevin Krakauer <krakauer@google.com>	2021-03-23 15:40:17 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-03-23 15:42:12 -0700
commit	92374e51976c8a47e4705943f73cecbc6a27073b (patch)
tree	5f267314a82b8dbdc4638c8eb1e2c5b062890ca0 /pkg/sentry/fsimpl/gofer/regular_file.go
parent	acb4c62885629d6d3ee977b93c27282abed0b33f (diff)