summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/fsimpl
diff options
context:
space:
mode:
authorAyush Ranjan <ayushranjan@google.com>2020-09-02 15:39:51 -0700
committergVisor bot <gvisor-bot@google.com>2020-09-02 15:43:13 -0700
commit0ca0d8e0110d284120497569dca1b85d3ec227fe (patch)
treecef40a4ec08c0ae2d6a07591d5c7dc8d03f59cb5 /pkg/sentry/fsimpl
parent5c6601120067299d521a64d4268050bbf3fb6a61 (diff)
[vfs] Fix error handling in overlayfs OpenAt.
Updates #1199 PiperOrigin-RevId: 329802274
Diffstat (limited to 'pkg/sentry/fsimpl')
-rw-r--r--pkg/sentry/fsimpl/overlay/filesystem.go13
1 files changed, 11 insertions, 2 deletions
diff --git a/pkg/sentry/fsimpl/overlay/filesystem.go b/pkg/sentry/fsimpl/overlay/filesystem.go
index e720bfb0b..63df86481 100644
--- a/pkg/sentry/fsimpl/overlay/filesystem.go
+++ b/pkg/sentry/fsimpl/overlay/filesystem.go
@@ -743,6 +743,9 @@ func (fs *filesystem) OpenAt(ctx context.Context, rp *vfs.ResolvingPath, opts vf
start := rp.Start().Impl().(*dentry)
if rp.Done() {
+ if mayCreate && rp.MustBeDir() {
+ return nil, syserror.EISDIR
+ }
if mustCreate {
return nil, syserror.EEXIST
}
@@ -766,6 +769,10 @@ afterTrailingSymlink:
if err := parent.checkPermissions(rp.Credentials(), vfs.MayExec); err != nil {
return nil, err
}
+ // Reject attempts to open directories with O_CREAT.
+ if mayCreate && rp.MustBeDir() {
+ return nil, syserror.EISDIR
+ }
// Determine whether or not we need to create a file.
parent.dirMu.Lock()
child, err := fs.stepLocked(ctx, rp, parent, false /* mayFollowSymlinks */, &ds)
@@ -774,12 +781,11 @@ afterTrailingSymlink:
parent.dirMu.Unlock()
return fd, err
}
+ parent.dirMu.Unlock()
if err != nil {
- parent.dirMu.Unlock()
return nil, err
}
// Open existing child or follow symlink.
- parent.dirMu.Unlock()
if mustCreate {
return nil, syserror.EEXIST
}
@@ -794,6 +800,9 @@ afterTrailingSymlink:
start = parent
goto afterTrailingSymlink
}
+ if rp.MustBeDir() && !child.isDir() {
+ return nil, syserror.ENOTDIR
+ }
if mayWrite {
if err := child.copyUpLocked(ctx); err != nil {
return nil, err