author | gVisor bot <gvisor-bot@google.com> | 2020-06-06 02:14:41 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-06-06 02:14:41 +0000 |
commit | 3fd0d124a05da2850ba2f1fb2e367d16266a5bf5 (patch) | |
tree | 589002f811ebaa5f51cf47b181099a975a6805cf /pkg/sentry/kernel | |
parent | c346064ffa0852a1a6a0c19a25bd5a5d30e1376f (diff) | |
parent | 21b6bc7280f68f43360a008ffd02a4f461ec9fc8 (diff) |
Merge release-20200522.0-89-g21b6bc72 (automated)
Diffstat (limited to 'pkg/sentry/kernel')
-rw-r--r-- | pkg/sentry/kernel/auth/credentials.go | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/auth/credentials.go b/pkg/sentry/kernel/auth/credentials.go
index e057d2c6d..6862f2ef5 100644
--- a/pkg/sentry/kernel/auth/credentials.go
+++ b/pkg/sentry/kernel/auth/credentials.go
@@ -232,3 +232,31 @@ func (c *Credentials) UseGID(gid GID) (KGID, error) {
 }
 return NoID, syserror.EPERM
 }
+
+// SetUID translates the provided uid to the root user namespace and updates c's
+// uids to it. This performs no permissions or capabilities checks, the caller
+// is responsible for ensuring the calling context is permitted to modify c.
+func (c *Credentials) SetUID(uid UID) error {
+ kuid := c.UserNamespace.MapToKUID(uid)
+ if !kuid.Ok() {
+ return syserror.EINVAL
+ }
+ c.RealKUID = kuid
+ c.EffectiveKUID = kuid
+ c.SavedKUID = kuid
+ return nil
+}
+
+// SetGID translates the provided gid to the root user namespace and updates c's
+// gids to it. This performs no permissions or capabilities checks, the caller
+// is responsible for ensuring the calling context is permitted to modify c.
+func (c *Credentials) SetGID(gid GID) error {
+ kgid := c.UserNamespace.MapToKGID(gid)
+ if !kgid.Ok() {
+ return syserror.EINVAL
+ }
+ c.RealKGID = kgid
+ c.EffectiveKGID = kgid
+ c.SavedKGID = kgid
+ return nil
+} |
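Review bot: The doc comments on SetUID and SetGID say that no permission or capability checks are made, but they do not say what state is left untouched, and that is the part a caller is most likely to get wrong. Both methods overwrite only the real, effective and saved IDs; nothing in the hunk recomputes capability sets or supplementary groups, so a caller switching c from root to an unprivileged uid would presumably keep whatever capabilities c already held. If that is intended, I would add a line such as `// SetUID does not modify c's capability sets or supplementary groups; callers that need setuid(2)-style capability dropping must do it themselves.` The update also mutates c in place through the pointer receiver, so if Credentials values can be shared between tasks (not visible from this hunk), the comment should also state `// c must not be shared; call this on a private copy.` The same two points apply to SetGID.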