Whitelist utimensat(2).

utimensat is used by hostfs for setting timestamps on imported fds. Previously, this would crash the sandbox since utimensat was not allowed. Correct the VFS2 version of hostfs to match the call in VFS1. PiperOrigin-RevId: 301970121
author: Dean Deng <deandeng@google.com> 2020-03-19 23:29:15 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-03-19 23:30:21 -0700
commit: 248e46f320525704da917e148a8f69d9b74671a0 (patch)
tree: b1a204f393cfc9a3bc34643d8721de63824cba17 /pkg/sentry/fsimpl/host/host.go
parent: 069f1edbe42ebd91800f9b35e8724babc4081613 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go
index 3afb41395..1f735628f 100644
--- a/pkg/sentry/fsimpl/host/host.go
+++ b/pkg/sentry/fsimpl/host/host.go
@@ -322,11 +322,11 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
 		}
 	}
 	if m&(linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
-		timestamps := []unix.Timespec{
+		ts := [2]syscall.Timespec{
 			toTimespec(s.Atime, m&linux.STATX_ATIME == 0),
 			toTimespec(s.Mtime, m&linux.STATX_MTIME == 0),
 		}
-		if err := unix.UtimesNanoAt(i.hostFD, "", timestamps, unix.AT_EMPTY_PATH); err != nil {
+		if err := setTimestamps(i.hostFD, &ts); err != nil {
 			return err
 		}
 	}
author	Dean Deng <deandeng@google.com>	2020-03-19 23:29:15 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-03-19 23:30:21 -0700
commit	248e46f320525704da917e148a8f69d9b74671a0 (patch)
tree	b1a204f393cfc9a3bc34643d8721de63824cba17 /pkg/sentry/fsimpl/host/host.go
parent	069f1edbe42ebd91800f9b35e8724babc4081613 (diff)