diff options
author | Dean Deng <deandeng@google.com> | 2020-10-30 19:37:29 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-10-30 19:39:28 -0700 |
commit | 4eb1c87e8033520981cce19dea7cde5f85f07737 (patch) | |
tree | f5d8f7fb6113fcdef86ec77b631f7c0c9c23a332 /pkg/sentry | |
parent | 1f25697cfe0484198784afc947ae3bdf4eb05e9b (diff) |
Adjust error handling in kernfs rename.
Read-only directories (e.g. under /sys, /proc) should return EPERM for rename.
PiperOrigin-RevId: 339979022
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/fsimpl/kernfs/inode_impl_util.go | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/pkg/sentry/fsimpl/kernfs/inode_impl_util.go b/pkg/sentry/fsimpl/kernfs/inode_impl_util.go index 4f78437d2..d83c17f83 100644 --- a/pkg/sentry/fsimpl/kernfs/inode_impl_util.go +++ b/pkg/sentry/fsimpl/kernfs/inode_impl_util.go @@ -578,13 +578,18 @@ func (o *OrderedChildren) RmDir(ctx context.Context, name string, child Inode) e // // Postcondition: reference on any replaced dentry transferred to caller. func (o *OrderedChildren) Rename(ctx context.Context, oldname, newname string, child, dstDir Inode) error { + if !o.writable { + return syserror.EPERM + } + dst, ok := dstDir.(interface{}).(*OrderedChildren) if !ok { - return syserror.ENODEV + return syserror.EXDEV } - if !o.writable || !dst.writable { + if !dst.writable { return syserror.EPERM } + // Note: There's a potential deadlock below if concurrent calls to Rename // refer to the same src and dst directories in reverse. We avoid any // ordering issues because the caller is required to serialize concurrent |