diff options
| author | Dean Deng <deandeng@google.com> | 2020-03-13 11:40:13 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-03-13 11:41:08 -0700 |
| commit | 2e38408f20a084de716962d4631e0fec1fd16c16 (patch) | |
| tree | b2e15836e5c5f483f003e79b8c30328ad43c844f /pkg/sentry/vfs/vfs.go | |
| parent | f458a325e9b6aecf2ee198de19063505c48a14d7 (diff) | |
Implement access/faccessat for VFS2.
Note that the raw faccessat system call does not actually take a flags argument;
according to faccessat(2), the glibc wrapper implements the flags by using
fstatat(2). Remove the flag argument that we try to extract from vfs1, which
would just be a garbage value.
Updates #1965
Fixes #2101
PiperOrigin-RevId: 300796067
Diffstat (limited to 'pkg/sentry/vfs/vfs.go')
| -rw-r--r-- | pkg/sentry/vfs/vfs.go | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go index 365e8b30d..2e2880171 100644 --- a/pkg/sentry/vfs/vfs.go +++ b/pkg/sentry/vfs/vfs.go @@ -174,6 +174,23 @@ type PathOperation struct { FollowFinalSymlink bool } +// AccessAt checks whether a user with creds has access to the file at +// the given path. +func (vfs *VirtualFilesystem) AccessAt(ctx context.Context, creds *auth.Credentials, ats AccessTypes, pop *PathOperation) error { + rp := vfs.getResolvingPath(creds, pop) + for { + err := rp.mount.fs.impl.AccessAt(ctx, rp, creds, ats) + if err == nil { + vfs.putResolvingPath(rp) + return nil + } + if !rp.handleError(err) { + vfs.putResolvingPath(rp) + return err + } + } +} + // GetDentryAt returns a VirtualDentry representing the given path, at which a // file must exist. A reference is taken on the returned VirtualDentry. func (vfs *VirtualFilesystem) GetDentryAt(ctx context.Context, creds *auth.Credentials, pop *PathOperation, opts *GetDentryOptions) (VirtualDentry, error) { |