Pass overlay credentials via context in copy up.

Some VFS operations (those which operate on FDs) get their credentials via the context instead of via an explicit creds param. For these cases, we must pass the overlay credentials on the context. PiperOrigin-RevId: 327881259
author: Nicolas Lacasse <nlacasse@google.com> 2020-08-21 15:04:24 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-08-21 15:06:09 -0700
commit: 5f33fdf37e6386975323ca2bab0dccd51d82df65 (patch)
tree: 46a6de1218e453dd4902e143b6cbea4fee5fb937 /pkg/sentry/fsimpl/overlay
parent: 5ec3d4ed3e3cda8944e851ef845f6d275999858a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/fsimpl/overlay/copy_up.go b/pkg/sentry/fsimpl/overlay/copy_up.go
index b3d19ff82..13735eb05 100644
--- a/pkg/sentry/fsimpl/overlay/copy_up.go
+++ b/pkg/sentry/fsimpl/overlay/copy_up.go
@@ -22,6 +22,7 @@ import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/fspath"
+	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
 	"gvisor.dev/gvisor/pkg/sentry/vfs"
 	"gvisor.dev/gvisor/pkg/syserror"
 	"gvisor.dev/gvisor/pkg/usermem"
@@ -40,6 +41,10 @@ func (d *dentry) copyUpLocked(ctx context.Context) error {
 		return nil
 	}
 
+	// Attach our credentials to the context, as some VFS operations use
+	// credentials from context rather an take an explicit creds parameter.
+	ctx = auth.ContextWithCredentials(ctx, d.fs.creds)
+
 	ftype := atomic.LoadUint32(&d.mode) & linux.S_IFMT
 	switch ftype {
 	case linux.S_IFREG, linux.S_IFDIR, linux.S_IFLNK, linux.S_IFBLK, linux.S_IFCHR:
author	Nicolas Lacasse <nlacasse@google.com>	2020-08-21 15:04:24 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-08-21 15:06:09 -0700
commit	5f33fdf37e6386975323ca2bab0dccd51d82df65 (patch)
tree	46a6de1218e453dd4902e143b6cbea4fee5fb937 /pkg/sentry/fsimpl/overlay
parent	5ec3d4ed3e3cda8944e851ef845f6d275999858a (diff)