diff options
| author | Jamie Liu <jamieliu@google.com> | 2020-04-02 16:57:08 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-04-02 16:58:24 -0700 |
| commit | dbc507dc5cfde2f69a94a58fcb2744ef0899ce7e (patch) | |
| tree | cbdaeb18c40b1cd74fe2e9f9edf7724559de98a5 /pkg/sentry/vfs/epoll.go | |
| parent | ecc3d01d181a6ae6d3cc72531542d9ea5fe3e376 (diff) | |
Add equivalents to FMODE_PREAD/PWRITE to VFS2.
This is mostly required for PipeTest_OffsetCalls.
The options are DenyPRead/PWrite rather than AllowPRead/PWrite since, in Linux
terms, fs/open.c:do_dentry_open sets FMODE_PREAD|FMODE_PWRITE unconditionally
(although it allows filesystem implementations of open to unset these flags),
so they're set for most FDs; it's usually FDs created outside of open(2) that
don't get them, e.g.:
- Syscall-created pipes (fs/pipe.c:create_pipe_files =>
fs/file_table.c:alloc_file_pseudo)
- Epoll instances (fs/eventpoll.c:do_epoll_create =>
fs/anon_inodes.c:anon_inode_getfile => alloc_file_pseudo)
- Sockets (net/socket.c:sock_alloc_file => alloc_file_pseudo)
This CL adds the flags to epoll instances; a subsequent CL reworks the VFS2
implementation of pipe FDs to be filesystem-independent and adds the flags
there, and sockets aren't implemented yet.
Updates #1035
PiperOrigin-RevId: 304506434
Diffstat (limited to 'pkg/sentry/vfs/epoll.go')
| -rw-r--r-- | pkg/sentry/vfs/epoll.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/sentry/vfs/epoll.go b/pkg/sentry/vfs/epoll.go index 3da45d744..8e0b40841 100644 --- a/pkg/sentry/vfs/epoll.go +++ b/pkg/sentry/vfs/epoll.go @@ -99,6 +99,8 @@ func (vfs *VirtualFilesystem) NewEpollInstanceFD() (*FileDescription, error) { interest: make(map[epollInterestKey]*epollInterest), } if err := ep.vfsfd.Init(ep, linux.O_RDWR, vd.Mount(), vd.Dentry(), &FileDescriptionOptions{ + DenyPRead: true, + DenyPWrite: true, UseDentryMetadata: true, }); err != nil { return nil, err |