summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux
diff options
context:
space:
mode:
authorMichael Pratt <mpratt@google.com>2018-08-02 16:00:29 -0700
committerShentubot <shentubot@google.com>2018-08-02 16:01:31 -0700
commita3927157c56cc022cefebc30c8a9b6014f5d0412 (patch)
tree7ba66f6304055151f57ab3ed113410769dfe5952 /pkg/sentry/syscalls/linux
parentb6a37ab9d96b382e26e3836a42ea485c48a521a8 (diff)
Copy creds in access
PiperOrigin-RevId: 207181631 Change-Id: Ic6205278715a9260fb970efb414fc758ea72c4c6
Diffstat (limited to 'pkg/sentry/syscalls/linux')
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 692f11ed7..94b7ac7a5 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -453,7 +453,7 @@ func accessAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, resolve bool, m
// uid/gid. We do this by temporarily clearing all FS-related
// capabilities and switching the fsuid/fsgid around to the
// real ones." -fs/open.c:faccessat
- creds := t.Credentials()
+ creds := t.Credentials().Fork()
creds.EffectiveKUID = creds.RealKUID
creds.EffectiveKGID = creds.RealKGID
if creds.EffectiveKUID.In(creds.UserNamespace) == auth.RootUID {