setgid directory support in overlayfs

PiperOrigin-RevId: 363276495
author: Kevin Krakauer <krakauer@google.com> 2021-03-16 14:53:42 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-03-16 14:55:29 -0700
commit: 607a1e481c276c8ab0c3e194ed04b38bc07b71b6 (patch)
tree: e760228af2d1b5fc7766a284fb6a8bb9b2b6ba28 /pkg/sentry/fsimpl/overlay/overlay.go
parent: 05193de1ccaf487a175dead4121c62b99e02d0f5 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/overlay/overlay.go b/pkg/sentry/fsimpl/overlay/overlay.go
index 58680bc80..454c20d4f 100644
--- a/pkg/sentry/fsimpl/overlay/overlay.go
+++ b/pkg/sentry/fsimpl/overlay/overlay.go
@@ -749,6 +749,27 @@ func (d *dentry) mayDelete(creds *auth.Credentials, child *dentry) error {
 	)
 }
 
+// newChildOwnerStat returns a Statx for configuring the UID, GID, and mode of
+// children.
+func (d *dentry) newChildOwnerStat(mode linux.FileMode, creds *auth.Credentials) linux.Statx {
+	stat := linux.Statx{
+		Mask: uint32(linux.STATX_UID | linux.STATX_GID),
+		UID:  uint32(creds.EffectiveKUID),
+		GID:  uint32(creds.EffectiveKGID),
+	}
+	// Set GID and possibly the SGID bit if the parent is an SGID directory.
+	d.copyMu.RLock()
+	defer d.copyMu.RUnlock()
+	if atomic.LoadUint32(&d.mode)&linux.ModeSetGID == linux.ModeSetGID {
+		stat.GID = atomic.LoadUint32(&d.gid)
+		if stat.Mode&linux.ModeDirectory == linux.ModeDirectory {
+			stat.Mode = uint16(mode) | linux.ModeSetGID
+			stat.Mask |= linux.STATX_MODE
+		}
+	}
+	return stat
+}
+
 // fileDescription is embedded by overlay implementations of
 // vfs.FileDescriptionImpl.
 //
author	Kevin Krakauer <krakauer@google.com>	2021-03-16 14:53:42 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-03-16 14:55:29 -0700
commit	607a1e481c276c8ab0c3e194ed04b38bc07b71b6 (patch)
tree	e760228af2d1b5fc7766a284fb6a8bb9b2b6ba28 /pkg/sentry/fsimpl/overlay/overlay.go
parent	05193de1ccaf487a175dead4121c62b99e02d0f5 (diff)