Merge release-20210628.0-8-g54b71221c (automated)

author: gVisor bot <gvisor-bot@google.com> 2021-06-29 22:13:25 +0000
committer: gVisor bot <gvisor-bot@google.com> 2021-06-29 22:13:25 +0000
commit: a81deffb4e19f1edb78b618a97df4bd129e312c8 (patch)
tree: 43699ff370db20b5fa2f55f988d63f61244a4436 /pkg/sentry/kernel/auth
parent: 42b672d53fb6fd9fe71c0efc373843d79713afca (diff)
parent: 54b71221c0b7a9159f369263ea6189bdba4eac3a (diff)
2 files changed, 16 insertions, 14 deletions
diff --git a/pkg/sentry/kernel/auth/credentials.go b/pkg/sentry/kernel/auth/credentials.go
index 3325fedcb..32c344399 100644
--- a/pkg/sentry/kernel/auth/credentials.go
+++ b/pkg/sentry/kernel/auth/credentials.go
@@ -16,6 +16,7 @@ package auth
 
 import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/syserror"
 )
 
@@ -203,7 +204,7 @@ func (c *Credentials) UseUID(uid UID) (KUID, error) {
 	// uid must be mapped.
 	kuid := c.UserNamespace.MapToKUID(uid)
 	if !kuid.Ok() {
-		return NoID, syserror.EINVAL
+		return NoID, linuxerr.EINVAL
 	}
 	// If c has CAP_SETUID, then it can use any UID in its user namespace.
 	if c.HasCapability(linux.CAP_SETUID) {
@@ -222,7 +223,7 @@ func (c *Credentials) UseUID(uid UID) (KUID, error) {
 func (c *Credentials) UseGID(gid GID) (KGID, error) {
 	kgid := c.UserNamespace.MapToKGID(gid)
 	if !kgid.Ok() {
-		return NoID, syserror.EINVAL
+		return NoID, linuxerr.EINVAL
 	}
 	if c.HasCapability(linux.CAP_SETGID) {
 		return kgid, nil
@@ -239,7 +240,7 @@ func (c *Credentials) UseGID(gid GID) (KGID, error) {
 func (c *Credentials) SetUID(uid UID) error {
 	kuid := c.UserNamespace.MapToKUID(uid)
 	if !kuid.Ok() {
-		return syserror.EINVAL
+		return linuxerr.EINVAL
 	}
 	c.RealKUID = kuid
 	c.EffectiveKUID = kuid
@@ -253,7 +254,7 @@ func (c *Credentials) SetUID(uid UID) error {
 func (c *Credentials) SetGID(gid GID) error {
 	kgid := c.UserNamespace.MapToKGID(gid)
 	if !kgid.Ok() {
-		return syserror.EINVAL
+		return linuxerr.EINVAL
 	}
 	c.RealKGID = kgid
 	c.EffectiveKGID = kgid
diff --git a/pkg/sentry/kernel/auth/id_map.go b/pkg/sentry/kernel/auth/id_map.go
index 28cbe159d..955b6d40b 100644
--- a/pkg/sentry/kernel/auth/id_map.go
+++ b/pkg/sentry/kernel/auth/id_map.go
@@ -17,6 +17,7 @@ package auth
 import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/context"
+	"gvisor.dev/gvisor/pkg/errors/linuxerr"
 	"gvisor.dev/gvisor/pkg/syserror"
 )
 
@@ -110,7 +111,7 @@ func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) er
 	}
 	// "At least one line must be written to the file."
 	if len(entries) == 0 {
-		return syserror.EINVAL
+		return linuxerr.EINVAL
 	}
 	// """
 	// In order for a process to write to the /proc/[pid]/uid_map
@@ -170,11 +171,11 @@ func (ns *UserNamespace) trySetUIDMap(entries []IDMapEntry) error {
 		// checks for NoID.
 		lastID := e.FirstID + e.Length
 		if lastID <= e.FirstID {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 		lastParentID := e.FirstParentID + e.Length
 		if lastParentID <= e.FirstParentID {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 		// "3. The mapped user IDs (group IDs) must in turn have a mapping in
 		// the parent user namespace."
@@ -186,10 +187,10 @@ func (ns *UserNamespace) trySetUIDMap(entries []IDMapEntry) error {
 		}
 		// If either of these Adds fail, we have an overlapping range.
 		if !ns.uidMapFromParent.Add(idMapRange{e.FirstParentID, lastParentID}, e.FirstID) {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 		if !ns.uidMapToParent.Add(idMapRange{e.FirstID, lastID}, e.FirstParentID) {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 	}
 	return nil
@@ -205,7 +206,7 @@ func (ns *UserNamespace) SetGIDMap(ctx context.Context, entries []IDMapEntry) er
 		return syserror.EPERM
 	}
 	if len(entries) == 0 {
-		return syserror.EINVAL
+		return linuxerr.EINVAL
 	}
 	if !c.HasCapabilityIn(linux.CAP_SETGID, ns) {
 		return syserror.EPERM
@@ -239,20 +240,20 @@ func (ns *UserNamespace) trySetGIDMap(entries []IDMapEntry) error {
 	for _, e := range entries {
 		lastID := e.FirstID + e.Length
 		if lastID <= e.FirstID {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 		lastParentID := e.FirstParentID + e.Length
 		if lastParentID <= e.FirstParentID {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 		if !ns.parent.allIDsMapped(&ns.parent.gidMapToParent, e.FirstParentID, lastParentID) {
 			return syserror.EPERM
 		}
 		if !ns.gidMapFromParent.Add(idMapRange{e.FirstParentID, lastParentID}, e.FirstID) {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 		if !ns.gidMapToParent.Add(idMapRange{e.FirstID, lastID}, e.FirstParentID) {
-			return syserror.EINVAL
+			return linuxerr.EINVAL
 		}
 	}
 	return nil
author	gVisor bot <gvisor-bot@google.com>	2021-06-29 22:13:25 +0000
committer	gVisor bot <gvisor-bot@google.com>	2021-06-29 22:13:25 +0000
commit	a81deffb4e19f1edb78b618a97df4bd129e312c8 (patch)
tree	43699ff370db20b5fa2f55f988d63f61244a4436 /pkg/sentry/kernel/auth
parent	42b672d53fb6fd9fe71c0efc373843d79713afca (diff)
parent	54b71221c0b7a9159f369263ea6189bdba4eac3a (diff)