Merge release-20210806.0-39-gb495ae599 (automated)

author: gVisor bot <gvisor-bot@google.com> 2021-08-18 00:49:19 +0000
committer: gVisor bot <gvisor-bot@google.com> 2021-08-18 00:49:19 +0000
commit: 38624dfb1cc22d2f8d18a613fa65b2400225b262 (patch)
tree: f445362dadfb34593f5798b79e281d78123abed4 /pkg/sentry/kernel/shm
parent: d96afdef75caa3cee4831642a10708a2e14d8a2b (diff)
parent: b495ae599aeff85511449ef17bd50d656d40bc28 (diff)
1 files changed, 2 insertions, 17 deletions
diff --git a/pkg/sentry/kernel/shm/shm.go b/pkg/sentry/kernel/shm/shm.go
index b8da0c76c..ab938fa3c 100644
--- a/pkg/sentry/kernel/shm/shm.go
+++ b/pkg/sentry/kernel/shm/shm.go
@@ -618,25 +618,10 @@ func (s *Shm) Set(ctx context.Context, ds *linux.ShmidDS) error {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	creds := auth.CredentialsFromContext(ctx)
-	if !s.obj.CheckOwnership(creds) {
-		return linuxerr.EPERM
-	}
-
-	uid := creds.UserNamespace.MapToKUID(auth.UID(ds.ShmPerm.UID))
-	gid := creds.UserNamespace.MapToKGID(auth.GID(ds.ShmPerm.GID))
-	if !uid.Ok() || !gid.Ok() {
-		return linuxerr.EINVAL
+	if err := s.obj.Set(ctx, &ds.ShmPerm); err != nil {
+		return err
 	}
 
-	// User may only modify the lower 9 bits of the mode. All the other bits are
-	// always 0 for the underlying inode.
-	mode := linux.FileMode(ds.ShmPerm.Mode & 0x1ff)
-	s.obj.Perms = fs.FilePermsFromMode(mode)
-
-	s.obj.Owner.UID = uid
-	s.obj.Owner.GID = gid
-
 	s.changeTime = ktime.NowFromContext(ctx)
 	return nil
 }
author	gVisor bot <gvisor-bot@google.com>	2021-08-18 00:49:19 +0000
committer	gVisor bot <gvisor-bot@google.com>	2021-08-18 00:49:19 +0000
commit	38624dfb1cc22d2f8d18a613fa65b2400225b262 (patch)
tree	f445362dadfb34593f5798b79e281d78123abed4 /pkg/sentry/kernel/shm
parent	d96afdef75caa3cee4831642a10708a2e14d8a2b (diff)
parent	b495ae599aeff85511449ef17bd50d656d40bc28 (diff)