diff options
author | Kevin Krakauer <krakauer@google.com> | 2021-02-10 17:43:25 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-10 17:45:18 -0800 |
commit | 81ea0016e62318053f97ec714967047e6191fb2b (patch) | |
tree | 36cffbaec97f79f8f06f442d28aba077f470b4be /pkg/sentry/vfs | |
parent | ff04d019e3d20adf0f5ef3146fa28d3b83a4819a (diff) |
Support setgid directories in tmpfs and kernfs
PiperOrigin-RevId: 356868412
Diffstat (limited to 'pkg/sentry/vfs')
-rw-r--r-- | pkg/sentry/vfs/permissions.go | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go index db6146fd2..b7704874f 100644 --- a/pkg/sentry/vfs/permissions.go +++ b/pkg/sentry/vfs/permissions.go @@ -326,3 +326,20 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux. } return nil } + +// ClearSUIDAndSGID clears the setuid and/or setgid bits after a chown or write. +// Depending on the mode, neither bit, only the setuid bit, or both are cleared. +func ClearSUIDAndSGID(mode uint32) uint32 { + // Directories don't have their bits changed. + if mode&linux.ModeDirectory == linux.ModeDirectory { + return mode + } + + // Changing owners always disables the setuid bit. It disables + // the setgid bit when the file is executable. + mode &= ^uint32(linux.ModeSetUID) + if sgid := uint32(linux.ModeSetGID | linux.ModeGroupExec); mode&sgid == sgid { + mode &= ^uint32(linux.ModeSetGID) + } + return mode +} |