authorFabricio Voznika <fvoznika@google.com>2020-03-16 13:28:00 -0700
committergVisor bot <gvisor-bot@google.com>2020-03-16 13:29:12 -0700
commit0f60799a4f8c3db567973574147370fc900df55f (patch)
treec08ab6de7026f68c47853c7f6c28787b4f3e1ae6 /pkg/sentry/fsimpl/host
parent69da42885aff9371fd53227583a546df914de02b (diff)
Add calls to vfs.CheckSetStat to fsimpls
Only gofer filesystem was calling vfs.CheckSetStat for vfs.FilesystemImpl.SetStatAt and vfs.FileDescriptionImpl.SetStat. Updates #1193, #1672, #1197 PiperOrigin-RevId: 301226522
Diffstat (limited to 'pkg/sentry/fsimpl/host')
-rw-r--r--pkg/sentry/fsimpl/host/host.go16
1 files changed, 11 insertions, 5 deletions
diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go
index 0be812d13..67c050c30 100644
--- a/pkg/sentry/fsimpl/host/host.go
+++ b/pkg/sentry/fsimpl/host/host.go
@@ -114,7 +114,8 @@ type inode struct {
ino uint64
// mu protects the inode metadata below.
- mu sync.Mutex
+ // TODO(gvisor.dev/issue/1672): actually protect fields below.
+ //mu sync.Mutex
// mode is the file mode of this inode. Note that this value may become out
// of date if the mode is changed on the host, e.g. with chmod.
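Review bot: The retained comment `// mu protects the inode metadata below.` is no longer true, because the mutex it describes is now commented out and nothing visible in this hunk synchronizes the fields that follow. This matters more after this commit, since SetStat begins feeding cached inode metadata into a permission check. I would replace the pair of comments with a single accurate one, e.g. `// TODO(gvisor.dev/issue/1672): the metadata below is currently unsynchronized; restore mu.`, and delete the dead `//mu sync.Mutex` line instead of keeping commented-out code. The struct body continues outside the hunk, so exactly which fields are affected is inferred from the comment rather than seen.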
@@ -269,16 +270,20 @@ func (i *inode) fstat(opts vfs.StatOptions) (linux.Statx, error) {
}
// SetStat implements kernfs.Inode.
-func (i *inode) SetStat(_ *vfs.Filesystem, opts vfs.SetStatOptions) error {
+func (i *inode) SetStat(fs *vfs.Filesystem, creds *auth.Credentials, opts vfs.SetStatOptions) error {
s := opts.Stat
m := s.Mask
if m == 0 {
return nil
}
- if m&(linux.STATX_UID|linux.STATX_GID) != 0 {
+ if m&^(linux.STATX_MODE|linux.STATX_SIZE|linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
return syserror.EPERM
}
+ if err := vfs.CheckSetStat(creds, &s, uint16(i.Mode().Permissions()), i.uid, i.gid); err != nil {
+ return err
+ }
+
if m&linux.STATX_MODE != 0 {
if err := syscall.Fchmod(i.hostFD, uint32(s.Mode)); err != nil {
return err
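Review bot: `vfs.CheckSetStat` is called with `i.Mode()`, `i.uid` and `i.gid`, which are cached on the inode. The struct comment in the first hunk says the mode "may become out of date if the mode is changed on the host", and with `mu` commented out in this same commit these reads are also unsynchronized. An authorization decision taken on stale owner or mode bits can permit or refuse a chmod or truncate that the current host metadata would not. Consider refreshing the values through `i.fstat` (named in the hunk header) before the check, or at least record the assumption next to the call with `// NOTE: permission check uses cached mode/uid/gid, which may lag the host.` The function body continues past the end of the hunk, so whether the newly named `fs` parameter is used anywhere is not visible here.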
@@ -375,8 +380,9 @@ type fileDescription struct {
}
// SetStat implements vfs.FileDescriptionImpl.
-func (f *fileDescription) SetStat(_ context.Context, opts vfs.SetStatOptions) error {
- return f.inode.SetStat(nil, opts)
+func (f *fileDescription) SetStat(ctx context.Context, opts vfs.SetStatOptions) error {
+ creds := auth.CredentialsFromContext(ctx)
+ return f.inode.SetStat(nil, creds, opts)
}
// Stat implements vfs.FileDescriptionImpl.
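Review bot: `f.inode.SetStat(nil, creds, opts)` still passes a nil `*vfs.Filesystem`, although the callee's parameter was renamed from `_` to `fs` in this commit, which invites a later use that would dereference nil on this path. If `inode.SetStat` does not need the filesystem, keep its parameter as `_`, and in either case document the contract at this call site with `// fs is intentionally nil; inode.SetStat must not dereference it.` If the fileDescription can reach its filesystem, passing the real value would be the more robust choice, but that is not determinable from the lines shown.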