diff options
author | Jamie Liu <jamieliu@google.com> | 2018-08-31 15:43:32 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-08-31 15:44:40 -0700 |
commit | f8ccfbbed4875e65c78c849cd46afa882ba68ee3 (patch) | |
tree | 62fd34d0cd96fbdf088dffbc7e2e0c173e55d91f /pkg/sentry/kernel | |
parent | 7713e2cb75a5d21c1a9c62ae2f332e76ea536867 (diff) |
Document more task-goroutine-owned fields in kernel.Task.
Task.creds can only be changed by the task's own set*id and execve
syscalls, and Task namespaces can only be changed by the task's own
unshare/setns syscalls.
PiperOrigin-RevId: 211156279
Change-Id: I94d57105d34e8739d964400995a8a5d76306b2a0
Diffstat (limited to 'pkg/sentry/kernel')
-rw-r--r-- | pkg/sentry/kernel/task.go | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/pkg/sentry/kernel/task.go b/pkg/sentry/kernel/task.go index 32db0bf48..ae4fd7817 100644 --- a/pkg/sentry/kernel/task.go +++ b/pkg/sentry/kernel/task.go @@ -354,19 +354,19 @@ type Task struct { // creds is the task's credentials. // - // creds is protected by mu, however the value itself is immutable and - // can only be changed by a copy. After reading the pointer, access - // will proceed outside the scope of mu. + // creds is protected by mu, however the value itself is immutable and can + // only be changed by a copy. After reading the pointer, access will + // proceed outside the scope of mu. creds is owned by the task goroutine. creds *auth.Credentials // utsns is the task's UTS namespace. // - // utsns is protected by mu. + // utsns is protected by mu. utsns is owned by the task goroutine. utsns *UTSNamespace // ipcns is the task's IPC namespace. // - // ipcns is protected by mu. + // ipcns is protected by mu. ipcns is owned by the task goroutine. ipcns *IPCNamespace // abstractSockets tracks abstract sockets that are in use. @@ -547,6 +547,9 @@ func (t *Task) Kernel() *Kernel { } // Value implements context.Context.Value. +// +// Preconditions: The caller must be running on the task goroutine (as implied +// by the requirements of context.Context). func (t *Task) Value(key interface{}) interface{} { switch key { case CtxCanTrace: @@ -556,18 +559,12 @@ func (t *Task) Value(key interface{}) interface{} { case CtxPIDNamespace: return t.tg.pidns case CtxUTSNamespace: - t.mu.Lock() - defer t.mu.Unlock() return t.utsns case CtxIPCNamespace: - t.mu.Lock() - defer t.mu.Unlock() return t.ipcns case CtxTask: return t case auth.CtxCredentials: - t.mu.Lock() - defer t.mu.Unlock() return t.creds case context.CtxThreadGroupID: return int32(t.ThreadGroup().ID()) |