summaryrefslogtreecommitdiffhomepage
path: root/pkg
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-06-30 15:23:33 +0000
committergVisor bot <gvisor-bot@google.com>2021-06-30 15:23:33 +0000
commite75120d9b11f25bf12cf999efb0bd738eb82c662 (patch)
tree98ffaab6e1d7f7ec8f6fe179fb4cd93d06a25291 /pkg
parent5cbcccf1faa9c329ecf8e5ba420692b7fd51a7e8 (diff)
parent6ef268409620c57197b9d573e23be8cb05dbf381 (diff)
Merge release-20210628.0-14-g6ef268409 (automated)
Diffstat (limited to 'pkg')
-rw-r--r--pkg/sentry/devices/tundev/tundev.go2
-rw-r--r--pkg/sentry/fs/dev/net_tun.go2
-rw-r--r--pkg/sentry/fs/dirent.go6
-rw-r--r--pkg/sentry/fs/gofer/path.go2
-rw-r--r--pkg/sentry/fs/host/host.go4
-rw-r--r--pkg/sentry/fs/host/inode.go21
-rw-r--r--pkg/sentry/fs/host/tty.go2
-rw-r--r--pkg/sentry/fs/inode.go3
-rw-r--r--pkg/sentry/fs/inode_overlay.go6
-rw-r--r--pkg/sentry/fs/inotify.go2
-rw-r--r--pkg/sentry/fs/proc/seqfile/seqfile.go4
-rw-r--r--pkg/sentry/fs/proc/task.go12
-rw-r--r--pkg/sentry/fs/ramfs/dir.go13
-rw-r--r--pkg/sentry/fs/splice.go2
-rw-r--r--pkg/sentry/fs/tmpfs/inode_file.go12
-rw-r--r--pkg/sentry/fs/tty/dir.go17
-rw-r--r--pkg/sentry/fsbridge/fs.go3
-rw-r--r--pkg/sentry/fsimpl/cgroupfs/cgroupfs.go2
-rw-r--r--pkg/sentry/fsimpl/fuse/dev.go10
-rw-r--r--pkg/sentry/fsimpl/fuse/fusefs.go2
-rw-r--r--pkg/sentry/fsimpl/gofer/filesystem.go10
-rw-r--r--pkg/sentry/fsimpl/gofer/gofer.go6
-rw-r--r--pkg/sentry/fsimpl/host/host.go4
-rw-r--r--pkg/sentry/fsimpl/host/tty.go2
-rw-r--r--pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go6
-rw-r--r--pkg/sentry/fsimpl/kernfs/filesystem.go2
-rw-r--r--pkg/sentry/fsimpl/kernfs/inode_impl_util.go20
-rw-r--r--pkg/sentry/fsimpl/kernfs/symlink.go4
-rw-r--r--pkg/sentry/fsimpl/kernfs/synthetic_directory.go12
-rw-r--r--pkg/sentry/fsimpl/overlay/copy_up.go2
-rw-r--r--pkg/sentry/fsimpl/overlay/filesystem.go4
-rw-r--r--pkg/sentry/fsimpl/pipefs/pipefs.go4
-rw-r--r--pkg/sentry/fsimpl/proc/subtasks.go3
-rw-r--r--pkg/sentry/fsimpl/proc/task.go3
-rw-r--r--pkg/sentry/fsimpl/proc/task_files.go14
-rw-r--r--pkg/sentry/fsimpl/proc/tasks_files.go4
-rw-r--r--pkg/sentry/fsimpl/sys/sys.go3
-rw-r--r--pkg/sentry/fsimpl/tmpfs/filesystem.go2
-rw-r--r--pkg/sentry/fsimpl/tmpfs/regular_file.go12
-rw-r--r--pkg/sentry/fsimpl/tmpfs/tmpfs.go2
-rw-r--r--pkg/sentry/fsimpl/verity/filesystem.go2
-rw-r--r--pkg/sentry/fsimpl/verity/verity.go4
-rw-r--r--pkg/sentry/kernel/auth/credentials.go5
-rw-r--r--pkg/sentry/kernel/auth/id_map.go25
-rw-r--r--pkg/sentry/kernel/auth/user_namespace.go5
-rw-r--r--pkg/sentry/kernel/futex/futex.go2
-rw-r--r--pkg/sentry/kernel/pipe/pipe.go2
-rw-r--r--pkg/sentry/kernel/ptrace.go12
-rw-r--r--pkg/sentry/kernel/rseq.go2
-rw-r--r--pkg/sentry/kernel/semaphore/semaphore.go22
-rw-r--r--pkg/sentry/kernel/sessions.go17
-rw-r--r--pkg/sentry/kernel/shm/shm.go8
-rw-r--r--pkg/sentry/kernel/task_clone.go17
-rw-r--r--pkg/sentry/kernel/task_identity.go27
-rw-r--r--pkg/sentry/kernel/thread_group.go6
-rw-r--r--pkg/sentry/loader/elf.go2
-rw-r--r--pkg/sentry/loader/loader.go3
-rw-r--r--pkg/sentry/mm/syscalls.go8
-rw-r--r--pkg/sentry/mm/vma.go5
-rw-r--r--pkg/sentry/pgalloc/pgalloc.go3
-rw-r--r--pkg/sentry/socket/control/control.go5
-rw-r--r--pkg/sentry/socket/control/control_vfs2.go4
-rw-r--r--pkg/sentry/socket/hostinet/stack.go18
-rw-r--r--pkg/sentry/syscalls/epoll.go23
-rw-r--r--pkg/sentry/syscalls/linux/linux64.go24
-rw-r--r--pkg/sentry/syscalls/linux/sys_aio.go4
-rw-r--r--pkg/sentry/syscalls/linux/sys_capability.go4
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go64
-rw-r--r--pkg/sentry/syscalls/linux/sys_getdents.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_inotify.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_lseek.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_membarrier.go5
-rw-r--r--pkg/sentry/syscalls/linux/sys_mempolicy.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_mmap.go6
-rw-r--r--pkg/sentry/syscalls/linux/sys_mount.go6
-rw-r--r--pkg/sentry/syscalls/linux/sys_poll.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_prctl.go7
-rw-r--r--pkg/sentry/syscalls/linux/sys_read.go24
-rw-r--r--pkg/sentry/syscalls/linux/sys_rlimit.go4
-rw-r--r--pkg/sentry/syscalls/linux/sys_signal.go20
-rw-r--r--pkg/sentry/syscalls/linux/sys_socket.go30
-rw-r--r--pkg/sentry/syscalls/linux/sys_splice.go16
-rw-r--r--pkg/sentry/syscalls/linux/sys_stat.go8
-rw-r--r--pkg/sentry/syscalls/linux/sys_sync.go8
-rw-r--r--pkg/sentry/syscalls/linux/sys_thread.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_time.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_timerfd.go5
-rw-r--r--pkg/sentry/syscalls/linux/sys_tls_amd64.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_utsname.go5
-rw-r--r--pkg/sentry/syscalls/linux/sys_write.go22
-rw-r--r--pkg/sentry/syscalls/linux/sys_xattr.go10
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/aio.go4
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/epoll.go7
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/execve.go2
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/fd.go26
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/fscontext.go3
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/getdents.go3
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/inotify.go3
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/ioctl.go5
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/lock.go3
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/mmap.go5
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/mount.go5
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/path.go6
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/poll.go2
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/read_write.go26
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/setstat.go12
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/signal.go3
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/socket.go30
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/splice.go20
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/stat.go6
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/sync.go8
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/timerfd.go5
-rw-r--r--pkg/sentry/syscalls/linux/vfs2/xattr.go8
-rw-r--r--pkg/sentry/syscalls/syscalls.go5
-rw-r--r--pkg/sentry/vfs/anonfs.go18
-rw-r--r--pkg/sentry/vfs/file_description.go16
-rw-r--r--pkg/sentry/vfs/file_description_impl_util.go10
-rw-r--r--pkg/sentry/vfs/inotify.go4
-rw-r--r--pkg/sentry/vfs/mount.go2
-rw-r--r--pkg/sentry/vfs/opath.go32
-rw-r--r--pkg/sentry/vfs/permissions.go27
-rw-r--r--pkg/sentry/vfs/vfs.go4
-rw-r--r--pkg/syserror/syserror.go3
-rw-r--r--pkg/tcpip/link/tun/device.go4
124 files changed, 535 insertions, 543 deletions
diff --git a/pkg/sentry/devices/tundev/tundev.go b/pkg/sentry/devices/tundev/tundev.go
index 4ef91a600..c4889017b 100644
--- a/pkg/sentry/devices/tundev/tundev.go
+++ b/pkg/sentry/devices/tundev/tundev.go
@@ -78,7 +78,7 @@ func (fd *tunFD) Ioctl(ctx context.Context, uio usermem.IO, args arch.SyscallArg
switch request {
case linux.TUNSETIFF:
if !t.HasCapability(linux.CAP_NET_ADMIN) {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
stack, ok := t.NetworkContext().(*netstack.Stack)
if !ok {
diff --git a/pkg/sentry/fs/dev/net_tun.go b/pkg/sentry/fs/dev/net_tun.go
index 5674978bd..ae9aed7b5 100644
--- a/pkg/sentry/fs/dev/net_tun.go
+++ b/pkg/sentry/fs/dev/net_tun.go
@@ -99,7 +99,7 @@ func (n *netTunFileOperations) Ioctl(ctx context.Context, file *fs.File, io user
switch request {
case linux.TUNSETIFF:
if !t.HasCapability(linux.CAP_NET_ADMIN) {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
stack, ok := t.NetworkContext().(*netstack.Stack)
if !ok {
diff --git a/pkg/sentry/fs/dirent.go b/pkg/sentry/fs/dirent.go
index e21c9d78e..1b17aa991 100644
--- a/pkg/sentry/fs/dirent.go
+++ b/pkg/sentry/fs/dirent.go
@@ -1320,7 +1320,7 @@ func lockForRename(oldParent *Dirent, oldName string, newParent *Dirent, newName
func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
uattr, err := d.Inode.UnstableAttr(ctx)
if err != nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if !uattr.Perms.Sticky {
return nil
@@ -1333,7 +1333,7 @@ func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
vuattr, err := victim.Inode.UnstableAttr(ctx)
if err != nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if vuattr.Owner.UID == creds.EffectiveKUID {
return nil
@@ -1341,7 +1341,7 @@ func (d *Dirent) checkSticky(ctx context.Context, victim *Dirent) error {
if victim.Inode.CheckCapability(ctx, linux.CAP_FOWNER) {
return nil
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// MayDelete determines whether `name`, a child of `d`, can be deleted or
diff --git a/pkg/sentry/fs/gofer/path.go b/pkg/sentry/fs/gofer/path.go
index 1a6f353d0..79e165faf 100644
--- a/pkg/sentry/fs/gofer/path.go
+++ b/pkg/sentry/fs/gofer/path.go
@@ -312,7 +312,7 @@ func (i *inodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name st
func (i *inodeOperations) createInternalFifo(ctx context.Context, dir *fs.Inode, name string, owner fs.FileOwner, perm fs.FilePermissions) error {
if i.session().overrides == nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Stabilize the override map while creation is in progress.
diff --git a/pkg/sentry/fs/host/host.go b/pkg/sentry/fs/host/host.go
index 081ba1dd8..9f6dbd7e9 100644
--- a/pkg/sentry/fs/host/host.go
+++ b/pkg/sentry/fs/host/host.go
@@ -17,8 +17,8 @@ package host
import (
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/fs"
- "gvisor.dev/gvisor/pkg/syserror"
)
// filesystem is a host filesystem.
@@ -40,7 +40,7 @@ func (*filesystem) Name() string {
// Mount returns an error. Mounting hostfs is not allowed.
func (*filesystem) Mount(ctx context.Context, device string, flags fs.MountSourceFlags, data string, dataObj interface{}) (*fs.Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// AllowUserMount prohibits users from using mount(2) with this file system.
diff --git a/pkg/sentry/fs/host/inode.go b/pkg/sentry/fs/host/inode.go
index e299b532c..1b56f0919 100644
--- a/pkg/sentry/fs/host/inode.go
+++ b/pkg/sentry/fs/host/inode.go
@@ -17,6 +17,7 @@ package host
import (
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/fd"
"gvisor.dev/gvisor/pkg/safemem"
"gvisor.dev/gvisor/pkg/secio"
@@ -113,7 +114,7 @@ func (i *inodeFileState) SetMaskedAttributes(ctx context.Context, mask fs.AttrMa
return nil
}
if mask.UID || mask.GID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if mask.Perms {
if err := unix.Fchmod(i.FD(), uint32(attr.Perms.LinuxMode())); err != nil {
@@ -224,43 +225,43 @@ func (i *inodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name string
// Create implements fs.InodeOperations.Create.
func (i *inodeOperations) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perm fs.FilePermissions) (*fs.File, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// CreateDirectory implements fs.InodeOperations.CreateDirectory.
func (i *inodeOperations) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// CreateLink implements fs.InodeOperations.CreateLink.
func (i *inodeOperations) CreateLink(ctx context.Context, dir *fs.Inode, oldname string, newname string) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// CreateHardLink implements fs.InodeOperations.CreateHardLink.
func (*inodeOperations) CreateHardLink(context.Context, *fs.Inode, *fs.Inode, string) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// CreateFifo implements fs.InodeOperations.CreateFifo.
func (*inodeOperations) CreateFifo(context.Context, *fs.Inode, string, fs.FilePermissions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Remove implements fs.InodeOperations.Remove.
func (i *inodeOperations) Remove(ctx context.Context, dir *fs.Inode, name string) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// RemoveDirectory implements fs.InodeOperations.RemoveDirectory.
func (i *inodeOperations) RemoveDirectory(ctx context.Context, dir *fs.Inode, name string) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Rename implements fs.InodeOperations.Rename.
func (i *inodeOperations) Rename(ctx context.Context, inode *fs.Inode, oldParent *fs.Inode, oldName string, newParent *fs.Inode, newName string, replacement bool) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Bind implements fs.InodeOperations.Bind.
@@ -313,7 +314,7 @@ func (i *inodeOperations) Check(ctx context.Context, inode *fs.Inode, p fs.PermM
// SetOwner implements fs.InodeOperations.SetOwner.
func (i *inodeOperations) SetOwner(context.Context, *fs.Inode, fs.FileOwner) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// SetPermissions implements fs.InodeOperations.SetPermissions.
diff --git a/pkg/sentry/fs/host/tty.go b/pkg/sentry/fs/host/tty.go
index 2ff520100..c7010f35c 100644
--- a/pkg/sentry/fs/host/tty.go
+++ b/pkg/sentry/fs/host/tty.go
@@ -224,7 +224,7 @@ func (t *TTYFileOperations) Ioctl(ctx context.Context, _ *fs.File, io usermem.IO
// Check that new process group is in the TTY session.
if pg.Session() != t.session {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
t.fgProcessGroup = pg
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 41a3c2047..b8da3bdd4 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -17,6 +17,7 @@ package fs
import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/refs"
"gvisor.dev/gvisor/pkg/sentry/fs/lock"
@@ -324,7 +325,7 @@ func (i *Inode) check(ctx context.Context, p PermMask) error {
return overlayCheck(ctx, i.overlay, p)
}
if !i.InodeOperations.Check(ctx, i, p) {
- return syserror.EACCES
+ return linuxerr.EACCES
}
return nil
}
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go
index bd1125dcc..ecd467533 100644
--- a/pkg/sentry/fs/inode_overlay.go
+++ b/pkg/sentry/fs/inode_overlay.go
@@ -569,7 +569,7 @@ func overlayGetXattr(ctx context.Context, o *overlayEntry, name string, size uin
func overlaySetXattr(ctx context.Context, o *overlayEntry, d *Dirent, name, value string, flags uint32) error {
// Don't allow changes to overlay xattrs through a setxattr syscall.
if isXattrOverlay(name) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := copyUp(ctx, d); err != nil {
@@ -601,7 +601,7 @@ func overlayListXattr(ctx context.Context, o *overlayEntry, size uint64) (map[st
func overlayRemoveXattr(ctx context.Context, o *overlayEntry, d *Dirent, name string) error {
// Don't allow changes to overlay xattrs through a removexattr syscall.
if isXattrOverlay(name) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := copyUp(ctx, d); err != nil {
@@ -688,7 +688,7 @@ func overlayGetlink(ctx context.Context, o *overlayEntry) (*Dirent, error) {
dirent.DecRef(ctx)
// Claim that the path is not accessible.
- err = syserror.EACCES
+ err = linuxerr.EACCES
log.Warningf("Getlink not supported in overlay for %q", name)
}
return nil, err
diff --git a/pkg/sentry/fs/inotify.go b/pkg/sentry/fs/inotify.go
index 4e07043c7..ebdd418af 100644
--- a/pkg/sentry/fs/inotify.go
+++ b/pkg/sentry/fs/inotify.go
@@ -127,7 +127,7 @@ func (*Inotify) Readdir(context.Context, *File, DentrySerializer) (int64, error)
// Write implements FileOperations.Write.
func (*Inotify) Write(context.Context, *File, usermem.IOSequence, int64) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// Read implements FileOperations.Read.
diff --git a/pkg/sentry/fs/proc/seqfile/seqfile.go b/pkg/sentry/fs/proc/seqfile/seqfile.go
index b01688b1d..77270814e 100644
--- a/pkg/sentry/fs/proc/seqfile/seqfile.go
+++ b/pkg/sentry/fs/proc/seqfile/seqfile.go
@@ -20,13 +20,13 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
"gvisor.dev/gvisor/pkg/sentry/fs/proc/device"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
"gvisor.dev/gvisor/pkg/sync"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/usermem"
"gvisor.dev/gvisor/pkg/waiter"
)
@@ -204,7 +204,7 @@ var _ fs.FileOperations = (*seqFileOperations)(nil)
// Write implements fs.FileOperations.Write.
func (*seqFileOperations) Write(context.Context, *fs.File, usermem.IOSequence, int64) (int64, error) {
- return 0, syserror.EACCES
+ return 0, linuxerr.EACCES
}
// Read implements fs.FileOperations.Read.
diff --git a/pkg/sentry/fs/proc/task.go b/pkg/sentry/fs/proc/task.go
index 7ece1377a..7a7af31e4 100644
--- a/pkg/sentry/fs/proc/task.go
+++ b/pkg/sentry/fs/proc/task.go
@@ -62,7 +62,7 @@ func getTaskMM(t *kernel.Task) (*mm.MemoryManager, error) {
func checkTaskState(t *kernel.Task) error {
switch t.ExitState() {
case kernel.TaskExitZombie:
- return syserror.EACCES
+ return linuxerr.EACCES
case kernel.TaskExitDead:
return syserror.ESRCH
}
@@ -273,7 +273,7 @@ func (e *exe) executable() (file fsbridge.File, err error) {
e.t.WithMuLocked(func(t *kernel.Task) {
mm := t.MemoryManager()
if mm == nil {
- err = syserror.EACCES
+ err = linuxerr.EACCES
return
}
@@ -291,7 +291,7 @@ func (e *exe) executable() (file fsbridge.File, err error) {
// Readlink implements fs.InodeOperations.
func (e *exe) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
if !kernel.ContextCanTrace(ctx, e.t, false) {
- return "", syserror.EACCES
+ return "", linuxerr.EACCES
}
// Pull out the executable for /proc/TID/exe.
@@ -324,7 +324,7 @@ func newCwd(ctx context.Context, t *kernel.Task, msrc *fs.MountSource) *fs.Inode
// Readlink implements fs.InodeOperations.
func (e *cwd) Readlink(ctx context.Context, inode *fs.Inode) (string, error) {
if !kernel.ContextCanTrace(ctx, e.t, false) {
- return "", syserror.EACCES
+ return "", linuxerr.EACCES
}
if err := checkTaskState(e.t); err != nil {
return "", err
@@ -381,7 +381,7 @@ func (n *namespaceSymlink) Readlink(ctx context.Context, inode *fs.Inode) (strin
// Getlink implements fs.InodeOperations.Getlink.
func (n *namespaceSymlink) Getlink(ctx context.Context, inode *fs.Inode) (*fs.Dirent, error) {
if !kernel.ContextCanTrace(ctx, n.t, false) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
if err := checkTaskState(n.t); err != nil {
return nil, err
@@ -449,7 +449,7 @@ func (m *memData) GetFile(ctx context.Context, dirent *fs.Dirent, flags fs.FileF
// Permission to read this file is governed by PTRACE_MODE_ATTACH_FSCREDS
// Since we dont implement setfsuid/setfsgid we can just use PTRACE_MODE_ATTACH
if !kernel.ContextCanTrace(ctx, m.t, true) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
if err := checkTaskState(m.t); err != nil {
return nil, err
diff --git a/pkg/sentry/fs/ramfs/dir.go b/pkg/sentry/fs/ramfs/dir.go
index 19990f9db..daa396e42 100644
--- a/pkg/sentry/fs/ramfs/dir.go
+++ b/pkg/sentry/fs/ramfs/dir.go
@@ -21,6 +21,7 @@ import (
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
@@ -178,7 +179,7 @@ func (d *Dir) Children() ([]string, map[string]fs.DentAttr) {
func (d *Dir) removeChildLocked(ctx context.Context, name string) (*fs.Inode, error) {
inode, ok := d.children[name]
if !ok {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
delete(d.children, name)
@@ -311,7 +312,7 @@ func (d *Dir) createInodeOperationsCommon(ctx context.Context, name string, make
// Create creates a new Inode with the given name and returns its File.
func (d *Dir) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perms fs.FilePermissions) (*fs.File, error) {
if d.CreateOps == nil || d.CreateOps.NewFile == nil {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
@@ -333,7 +334,7 @@ func (d *Dir) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.F
// CreateLink returns a new link.
func (d *Dir) CreateLink(ctx context.Context, dir *fs.Inode, oldname, newname string) error {
if d.CreateOps == nil || d.CreateOps.NewSymlink == nil {
- return syserror.EACCES
+ return linuxerr.EACCES
}
_, err := d.createInodeOperationsCommon(ctx, newname, func() (*fs.Inode, error) {
return d.NewSymlink(ctx, dir, oldname)
@@ -362,7 +363,7 @@ func (d *Dir) CreateHardLink(ctx context.Context, dir *fs.Inode, target *fs.Inod
// CreateDirectory returns a new subdirectory.
func (d *Dir) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perms fs.FilePermissions) error {
if d.CreateOps == nil || d.CreateOps.NewDir == nil {
- return syserror.EACCES
+ return linuxerr.EACCES
}
_, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
return d.NewDir(ctx, dir, perms)
@@ -373,7 +374,7 @@ func (d *Dir) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, p
// Bind implements fs.InodeOperations.Bind.
func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport.BoundEndpoint, perms fs.FilePermissions) (*fs.Dirent, error) {
if d.CreateOps == nil || d.CreateOps.NewBoundEndpoint == nil {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
inode, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
return d.NewBoundEndpoint(ctx, dir, ep, perms)
@@ -392,7 +393,7 @@ func (d *Dir) Bind(ctx context.Context, dir *fs.Inode, name string, ep transport
// CreateFifo implements fs.InodeOperations.CreateFifo.
func (d *Dir) CreateFifo(ctx context.Context, dir *fs.Inode, name string, perms fs.FilePermissions) error {
if d.CreateOps == nil || d.CreateOps.NewFifo == nil {
- return syserror.EACCES
+ return linuxerr.EACCES
}
_, err := d.createInodeOperationsCommon(ctx, name, func() (*fs.Inode, error) {
return d.NewFifo(ctx, dir, perms)
diff --git a/pkg/sentry/fs/splice.go b/pkg/sentry/fs/splice.go
index ca9f645f6..fff4befb2 100644
--- a/pkg/sentry/fs/splice.go
+++ b/pkg/sentry/fs/splice.go
@@ -29,7 +29,7 @@ import (
func Splice(ctx context.Context, dst *File, src *File, opts SpliceOpts) (int64, error) {
// Verify basic file flag permissions.
if !dst.Flags().Write || !src.Flags().Read {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// Check whether or not the objects being sliced are stream-oriented
diff --git a/pkg/sentry/fs/tmpfs/inode_file.go b/pkg/sentry/fs/tmpfs/inode_file.go
index ce6be6386..60c419b9f 100644
--- a/pkg/sentry/fs/tmpfs/inode_file.go
+++ b/pkg/sentry/fs/tmpfs/inode_file.go
@@ -218,7 +218,7 @@ func (f *fileInodeOperations) Truncate(ctx context.Context, _ *fs.Inode, size in
fallthrough
case oldSize > size && f.seals&linux.F_SEAL_SHRINK != 0: // Shrink sealed
f.dataMu.Unlock()
- return syserror.EPERM
+ return linuxerr.EPERM
}
if oldSize != size {
@@ -279,7 +279,7 @@ func (f *fileInodeOperations) Allocate(ctx context.Context, _ *fs.Inode, offset,
// Check if current seals allow growth.
if f.seals&linux.F_SEAL_GROW != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
f.attr.Size = newSize
@@ -462,7 +462,7 @@ func (rw *fileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error)
// Check if seals prevent either file growth or all writes.
switch {
case rw.f.seals&linux.F_SEAL_WRITE != 0: // Write sealed
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
case end > rw.f.attr.Size && rw.f.seals&linux.F_SEAL_GROW != 0: // Grow sealed
// When growth is sealed, Linux effectively allows writes which would
// normally grow the file to partially succeed up to the current EOF,
@@ -483,7 +483,7 @@ func (rw *fileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64, error)
}
if end <= rw.offset {
// Truncation would result in no data being written.
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
}
@@ -551,7 +551,7 @@ func (f *fileInodeOperations) AddMapping(ctx context.Context, ms memmap.MappingS
// Reject writable mapping if F_SEAL_WRITE is set.
if f.seals&linux.F_SEAL_WRITE != 0 && writable {
- return syserror.EPERM
+ return linuxerr.EPERM
}
f.mappings.AddMapping(ms, ar, offset, writable)
@@ -669,7 +669,7 @@ func AddSeals(inode *fs.Inode, val uint32) error {
if f.seals&linux.F_SEAL_SEAL != 0 {
// Seal applied which prevents addition of any new seals.
- return syserror.EPERM
+ return linuxerr.EPERM
}
// F_SEAL_WRITE can only be added if there are no active writable maps.
diff --git a/pkg/sentry/fs/tty/dir.go b/pkg/sentry/fs/tty/dir.go
index 13c9dbe7d..3242dcb6a 100644
--- a/pkg/sentry/fs/tty/dir.go
+++ b/pkg/sentry/fs/tty/dir.go
@@ -22,6 +22,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/fs/fsutil"
@@ -170,54 +171,54 @@ func (d *dirInodeOperations) Lookup(ctx context.Context, dir *fs.Inode, name str
//
// Creation is never allowed.
func (d *dirInodeOperations) Create(ctx context.Context, dir *fs.Inode, name string, flags fs.FileFlags, perm fs.FilePermissions) (*fs.File, error) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
// CreateDirectory implements fs.InodeOperations.CreateDirectory.
//
// Creation is never allowed.
func (d *dirInodeOperations) CreateDirectory(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// CreateLink implements fs.InodeOperations.CreateLink.
//
// Creation is never allowed.
func (d *dirInodeOperations) CreateLink(ctx context.Context, dir *fs.Inode, oldname, newname string) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// CreateHardLink implements fs.InodeOperations.CreateHardLink.
//
// Creation is never allowed.
func (d *dirInodeOperations) CreateHardLink(ctx context.Context, dir *fs.Inode, target *fs.Inode, name string) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// CreateFifo implements fs.InodeOperations.CreateFifo.
//
// Creation is never allowed.
func (d *dirInodeOperations) CreateFifo(ctx context.Context, dir *fs.Inode, name string, perm fs.FilePermissions) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// Remove implements fs.InodeOperations.Remove.
//
// Removal is never allowed.
func (d *dirInodeOperations) Remove(ctx context.Context, dir *fs.Inode, name string) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// RemoveDirectory implements fs.InodeOperations.RemoveDirectory.
//
// Removal is never allowed.
func (d *dirInodeOperations) RemoveDirectory(ctx context.Context, dir *fs.Inode, name string) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Bind implements fs.InodeOperations.Bind.
func (d *dirInodeOperations) Bind(ctx context.Context, dir *fs.Inode, name string, data transport.BoundEndpoint, perm fs.FilePermissions) (*fs.Dirent, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// GetFile implements fs.InodeOperations.GetFile.
diff --git a/pkg/sentry/fsbridge/fs.go b/pkg/sentry/fsbridge/fs.go
index 9785fd62a..2b6c93e12 100644
--- a/pkg/sentry/fsbridge/fs.go
+++ b/pkg/sentry/fsbridge/fs.go
@@ -20,6 +20,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/fs"
"gvisor.dev/gvisor/pkg/sentry/memmap"
"gvisor.dev/gvisor/pkg/sentry/vfs"
@@ -144,7 +145,7 @@ func (l *fsLookup) OpenPath(ctx context.Context, path string, opts vfs.OpenOptio
if opts.FileExec && d.Inode.StableAttr.Type != fs.RegularFile {
ctx.Infof("%q is not a regular file: %v", path, d.Inode.StableAttr.Type)
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
f, err := d.Inode.GetFile(ctx, d, flagsToFileFlags(opts.Flags))
diff --git a/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go b/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go
index b5883cbd2..cabe87c94 100644
--- a/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go
+++ b/pkg/sentry/fsimpl/cgroupfs/cgroupfs.go
@@ -365,7 +365,7 @@ func (*dir) Keep() bool {
// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
func (*dir) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Open implements kernfs.Inode.Open.
diff --git a/pkg/sentry/fsimpl/fuse/dev.go b/pkg/sentry/fsimpl/fuse/dev.go
index 0d0eed543..41fc6e512 100644
--- a/pkg/sentry/fsimpl/fuse/dev.go
+++ b/pkg/sentry/fsimpl/fuse/dev.go
@@ -123,7 +123,7 @@ func (fd *DeviceFD) Release(ctx context.Context) {
func (fd *DeviceFD) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, opts vfs.ReadOptions) (int64, error) {
// Operations on /dev/fuse don't make sense until a FUSE filesystem is mounted.
if fd.fs == nil {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
return 0, syserror.ENOSYS
@@ -133,7 +133,7 @@ func (fd *DeviceFD) PRead(ctx context.Context, dst usermem.IOSequence, offset in
func (fd *DeviceFD) Read(ctx context.Context, dst usermem.IOSequence, opts vfs.ReadOptions) (int64, error) {
// Operations on /dev/fuse don't make sense until a FUSE filesystem is mounted.
if fd.fs == nil {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
// We require that any Read done on this filesystem have a sane minimum
@@ -235,7 +235,7 @@ func (fd *DeviceFD) readLocked(ctx context.Context, dst usermem.IOSequence, opts
func (fd *DeviceFD) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, opts vfs.WriteOptions) (int64, error) {
// Operations on /dev/fuse don't make sense until a FUSE filesystem is mounted.
if fd.fs == nil {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
return 0, syserror.ENOSYS
@@ -252,7 +252,7 @@ func (fd *DeviceFD) Write(ctx context.Context, src usermem.IOSequence, opts vfs.
func (fd *DeviceFD) writeLocked(ctx context.Context, src usermem.IOSequence, opts vfs.WriteOptions) (int64, error) {
// Operations on /dev/fuse don't make sense until a FUSE filesystem is mounted.
if fd.fs == nil {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
// Return ENODEV if the filesystem is umounted.
@@ -392,7 +392,7 @@ func (fd *DeviceFD) EventUnregister(e *waiter.Entry) {
func (fd *DeviceFD) Seek(ctx context.Context, offset int64, whence int32) (int64, error) {
// Operations on /dev/fuse don't make sense until a FUSE filesystem is mounted.
if fd.fs == nil {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
return 0, syserror.ENOSYS
diff --git a/pkg/sentry/fsimpl/fuse/fusefs.go b/pkg/sentry/fsimpl/fuse/fusefs.go
index be5bcd6af..a48db0d24 100644
--- a/pkg/sentry/fsimpl/fuse/fusefs.go
+++ b/pkg/sentry/fsimpl/fuse/fusefs.go
@@ -376,7 +376,7 @@ func (i *inode) CheckPermissions(ctx context.Context, creds *auth.Credentials, a
creds.RealKGID != i.fs.opts.gid ||
creds.EffectiveKGID != i.fs.opts.gid ||
creds.SavedKGID != i.fs.opts.gid {
- return syserror.EACCES
+ return linuxerr.EACCES
}
}
diff --git a/pkg/sentry/fsimpl/gofer/filesystem.go b/pkg/sentry/fsimpl/gofer/filesystem.go
index 067b7aac1..9b900801b 100644
--- a/pkg/sentry/fsimpl/gofer/filesystem.go
+++ b/pkg/sentry/fsimpl/gofer/filesystem.go
@@ -413,7 +413,7 @@ func (fs *filesystem) doCreateAt(ctx context.Context, rp *vfs.ResolvingPath, dir
}
if parent.isSynthetic() {
if createInSyntheticDir == nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := createInSyntheticDir(parent, name); err != nil {
return err
@@ -679,7 +679,7 @@ func (fs *filesystem) LinkAt(ctx context.Context, rp *vfs.ResolvingPath, vd vfs.
}
d := vd.Dentry().Impl().(*dentry)
if d.isDir() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
gid := auth.KGID(atomic.LoadUint32(&d.gid))
uid := auth.KUID(atomic.LoadUint32(&d.uid))
@@ -735,7 +735,7 @@ func (fs *filesystem) MkdirAt(ctx context.Context, rp *vfs.ResolvingPath, opts v
}, func(parent *dentry, name string) error {
if !opts.ForSyntheticMountpoint {
// Can't create non-synthetic files in synthetic directories.
- return syserror.EPERM
+ return linuxerr.EPERM
}
parent.createSyntheticChildLocked(&createSyntheticOpts{
name: name,
@@ -794,7 +794,7 @@ func (fs *filesystem) MknodAt(ctx context.Context, rp *vfs.ResolvingPath, opts v
return nil
}
// Retain error from gofer if synthetic file cannot be created internally.
- return syserror.EPERM
+ return linuxerr.EPERM
}, nil)
}
@@ -866,7 +866,7 @@ afterTrailingSymlink:
if linuxerr.Equals(linuxerr.ENOENT, err) && mayCreate {
if parent.isSynthetic() {
parent.dirMu.Unlock()
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
fd, err := parent.createAndOpenChildLocked(ctx, rp, &opts, &ds)
parent.dirMu.Unlock()
diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go
index c7ebd435c..2397e2427 100644
--- a/pkg/sentry/fsimpl/gofer/gofer.go
+++ b/pkg/sentry/fsimpl/gofer/gofer.go
@@ -1091,7 +1091,7 @@ func (d *dentry) setStat(ctx context.Context, creds *auth.Credentials, opts *vfs
return nil
}
if stat.Mask&^(linux.STATX_MODE|linux.STATX_UID|linux.STATX_GID|linux.STATX_ATIME|linux.STATX_MTIME|linux.STATX_SIZE) != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
mode := linux.FileMode(atomic.LoadUint32(&d.mode))
if err := vfs.CheckSetStat(ctx, creds, opts, mode, auth.KUID(atomic.LoadUint32(&d.uid)), auth.KGID(atomic.LoadUint32(&d.gid))); err != nil {
@@ -1714,7 +1714,7 @@ func (d *dentry) getXattr(ctx context.Context, creds *auth.Credentials, opts *vf
func (d *dentry) setXattr(ctx context.Context, creds *auth.Credentials, opts *vfs.SetXattrOptions) error {
if d.file.isNil() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := d.checkXattrPermissions(creds, opts.Name, vfs.MayWrite); err != nil {
return err
@@ -1724,7 +1724,7 @@ func (d *dentry) setXattr(ctx context.Context, creds *auth.Credentials, opts *vf
func (d *dentry) removeXattr(ctx context.Context, creds *auth.Credentials, name string) error {
if d.file.isNil() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := d.checkXattrPermissions(creds, name, vfs.MayWrite); err != nil {
return err
diff --git a/pkg/sentry/fsimpl/host/host.go b/pkg/sentry/fsimpl/host/host.go
index 4d2b282a0..7ec4832c3 100644
--- a/pkg/sentry/fsimpl/host/host.go
+++ b/pkg/sentry/fsimpl/host/host.go
@@ -409,7 +409,7 @@ func (i *inode) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *auth.Cre
return nil
}
if m&^(linux.STATX_MODE|linux.STATX_SIZE|linux.STATX_ATIME|linux.STATX_MTIME) != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
var hostStat unix.Stat_t
if err := unix.Fstat(i.hostFD, &hostStat); err != nil {
@@ -530,7 +530,7 @@ func (i *inode) open(ctx context.Context, d *kernfs.Dentry, mnt *vfs.Mount, flag
default:
log.Warningf("cannot import host fd %d with file type %o", i.hostFD, fileType)
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
}
diff --git a/pkg/sentry/fsimpl/host/tty.go b/pkg/sentry/fsimpl/host/tty.go
index c7bf563f0..5974dce64 100644
--- a/pkg/sentry/fsimpl/host/tty.go
+++ b/pkg/sentry/fsimpl/host/tty.go
@@ -243,7 +243,7 @@ func (t *TTYFileDescription) Ioctl(ctx context.Context, io usermem.IO, args arch
// Check that new process group is in the TTY session.
if pg.Session() != t.session {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
t.fgProcessGroup = pg
diff --git a/pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go b/pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go
index 84b1c3745..9d7526e47 100644
--- a/pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go
+++ b/pkg/sentry/fsimpl/kernfs/dynamic_bytes_file.go
@@ -19,9 +19,9 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -71,7 +71,7 @@ func (f *DynamicBytesFile) Open(ctx context.Context, rp *vfs.ResolvingPath, d *D
// inode attributes to be changed. Override SetStat() making it call
// f.InodeAttrs to allow it.
func (*DynamicBytesFile) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// DynamicBytesFD implements vfs.FileDescriptionImpl for an FD backed by a
@@ -137,5 +137,5 @@ func (fd *DynamicBytesFD) Stat(ctx context.Context, opts vfs.StatOptions) (linux
// SetStat implements vfs.FileDescriptionImpl.SetStat.
func (fd *DynamicBytesFD) SetStat(context.Context, vfs.SetStatOptions) error {
// DynamicBytesFiles are immutable.
- return syserror.EPERM
+ return linuxerr.EPERM
}
diff --git a/pkg/sentry/fsimpl/kernfs/filesystem.go b/pkg/sentry/fsimpl/kernfs/filesystem.go
index 1a314f59e..a7214a796 100644
--- a/pkg/sentry/fsimpl/kernfs/filesystem.go
+++ b/pkg/sentry/fsimpl/kernfs/filesystem.go
@@ -374,7 +374,7 @@ func (fs *Filesystem) LinkAt(ctx context.Context, rp *vfs.ResolvingPath, vd vfs.
d := vd.Dentry().Impl().(*Dentry)
if d.isDir() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
childI, err := parent.inode.NewLink(ctx, pc, d.inode)
diff --git a/pkg/sentry/fsimpl/kernfs/inode_impl_util.go b/pkg/sentry/fsimpl/kernfs/inode_impl_util.go
index 62872946e..996f2f03a 100644
--- a/pkg/sentry/fsimpl/kernfs/inode_impl_util.go
+++ b/pkg/sentry/fsimpl/kernfs/inode_impl_util.go
@@ -62,27 +62,27 @@ type InodeDirectoryNoNewChildren struct{}
// NewFile implements Inode.NewFile.
func (InodeDirectoryNoNewChildren) NewFile(context.Context, string, vfs.OpenOptions) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewDir implements Inode.NewDir.
func (InodeDirectoryNoNewChildren) NewDir(context.Context, string, vfs.MkdirOptions) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewLink implements Inode.NewLink.
func (InodeDirectoryNoNewChildren) NewLink(context.Context, string, Inode) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewSymlink implements Inode.NewSymlink.
func (InodeDirectoryNoNewChildren) NewSymlink(context.Context, string, string) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewNode implements Inode.NewNode.
func (InodeDirectoryNoNewChildren) NewNode(context.Context, string, vfs.MknodOptions) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// InodeNotDirectory partially implements the Inode interface, specifically the
@@ -286,7 +286,7 @@ func (a *InodeAttrs) SetStat(ctx context.Context, fs *vfs.Filesystem, creds *aut
// allowed by kernfs files but does not do anything. If some other behavior is
// needed, the embedder should consider extending SetStat.
if opts.Stat.Mask&^(linux.STATX_MODE|linux.STATX_UID|linux.STATX_GID|linux.STATX_ATIME|linux.STATX_MTIME|linux.STATX_SIZE) != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if opts.Stat.Mask&linux.STATX_SIZE != 0 && a.Mode().IsDir() {
return syserror.EISDIR
@@ -570,7 +570,7 @@ func (o *OrderedChildren) checkExistingLocked(name string, child Inode) error {
// Unlink implements Inode.Unlink.
func (o *OrderedChildren) Unlink(ctx context.Context, name string, child Inode) error {
if !o.writable {
- return syserror.EPERM
+ return linuxerr.EPERM
}
o.mu.Lock()
defer o.mu.Unlock()
@@ -600,7 +600,7 @@ func (o *OrderedChildren) RmDir(ctx context.Context, name string, child Inode) e
// Postcondition: reference on any replaced dentry transferred to caller.
func (o *OrderedChildren) Rename(ctx context.Context, oldname, newname string, child, dstDir Inode) error {
if !o.writable {
- return syserror.EPERM
+ return linuxerr.EPERM
}
dst, ok := dstDir.(interface{}).(*OrderedChildren)
@@ -608,7 +608,7 @@ func (o *OrderedChildren) Rename(ctx context.Context, oldname, newname string, c
return syserror.EXDEV
}
if !dst.writable {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Note: There's a potential deadlock below if concurrent calls to Rename
@@ -710,7 +710,7 @@ func (s *StaticDirectory) Open(ctx context.Context, rp *vfs.ResolvingPath, d *De
// SetStat implements Inode.SetStat not allowing inode attributes to be changed.
func (*StaticDirectory) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// DecRef implements Inode.DecRef.
diff --git a/pkg/sentry/fsimpl/kernfs/symlink.go b/pkg/sentry/fsimpl/kernfs/symlink.go
index a0736c0d6..4adf76ce6 100644
--- a/pkg/sentry/fsimpl/kernfs/symlink.go
+++ b/pkg/sentry/fsimpl/kernfs/symlink.go
@@ -17,9 +17,9 @@ package kernfs
import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
// StaticSymlink provides an Inode implementation for symlinks that point to
@@ -62,5 +62,5 @@ func (s *StaticSymlink) Getlink(context.Context, *vfs.Mount) (vfs.VirtualDentry,
// SetStat implements Inode.SetStat not allowing inode attributes to be changed.
func (*StaticSymlink) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
diff --git a/pkg/sentry/fsimpl/kernfs/synthetic_directory.go b/pkg/sentry/fsimpl/kernfs/synthetic_directory.go
index 11694c392..c91d23b56 100644
--- a/pkg/sentry/fsimpl/kernfs/synthetic_directory.go
+++ b/pkg/sentry/fsimpl/kernfs/synthetic_directory.go
@@ -19,9 +19,9 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
// syntheticDirectory implements kernfs.Inode for a directory created by
@@ -65,13 +65,13 @@ func (dir *syntheticDirectory) Open(ctx context.Context, rp *vfs.ResolvingPath,
// NewFile implements Inode.NewFile.
func (dir *syntheticDirectory) NewFile(ctx context.Context, name string, opts vfs.OpenOptions) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewDir implements Inode.NewDir.
func (dir *syntheticDirectory) NewDir(ctx context.Context, name string, opts vfs.MkdirOptions) (Inode, error) {
if !opts.ForSyntheticMountpoint {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
subdirI := newSyntheticDirectory(ctx, auth.CredentialsFromContext(ctx), opts.Mode&linux.PermissionsMask)
if err := dir.OrderedChildren.Insert(name, subdirI); err != nil {
@@ -84,17 +84,17 @@ func (dir *syntheticDirectory) NewDir(ctx context.Context, name string, opts vfs
// NewLink implements Inode.NewLink.
func (dir *syntheticDirectory) NewLink(ctx context.Context, name string, target Inode) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewSymlink implements Inode.NewSymlink.
func (dir *syntheticDirectory) NewSymlink(ctx context.Context, name, target string) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// NewNode implements Inode.NewNode.
func (dir *syntheticDirectory) NewNode(ctx context.Context, name string, opts vfs.MknodOptions) (Inode, error) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
// DecRef implements Inode.DecRef.
diff --git a/pkg/sentry/fsimpl/overlay/copy_up.go b/pkg/sentry/fsimpl/overlay/copy_up.go
index 8fd51e9d0..532e73457 100644
--- a/pkg/sentry/fsimpl/overlay/copy_up.go
+++ b/pkg/sentry/fsimpl/overlay/copy_up.go
@@ -52,7 +52,7 @@ func (d *dentry) copyUpLocked(ctx context.Context) error {
// Can be copied-up.
default:
// Can't be copied-up.
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Ensure that our parent directory is copied-up.
diff --git a/pkg/sentry/fsimpl/overlay/filesystem.go b/pkg/sentry/fsimpl/overlay/filesystem.go
index e792677f5..20d56f0d8 100644
--- a/pkg/sentry/fsimpl/overlay/filesystem.go
+++ b/pkg/sentry/fsimpl/overlay/filesystem.go
@@ -625,7 +625,7 @@ func (fs *filesystem) LinkAt(ctx context.Context, rp *vfs.ResolvingPath, vd vfs.
}
old := vd.Dentry().Impl().(*dentry)
if old.isDir() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := old.copyUpLocked(ctx); err != nil {
return err
@@ -726,7 +726,7 @@ func (fs *filesystem) MknodAt(ctx context.Context, rp *vfs.ResolvingPath, opts v
return fs.doCreateAt(ctx, rp, false /* dir */, func(parent *dentry, childName string, haveUpperWhiteout bool) error {
// Disallow attempts to create whiteouts.
if opts.Mode&linux.S_IFMT == linux.S_IFCHR && opts.DevMajor == 0 && opts.DevMinor == 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
vfsObj := fs.vfsfs.VirtualFilesystem()
pop := vfs.PathOperation{
diff --git a/pkg/sentry/fsimpl/pipefs/pipefs.go b/pkg/sentry/fsimpl/pipefs/pipefs.go
index 08aedc2ad..af09195a7 100644
--- a/pkg/sentry/fsimpl/pipefs/pipefs.go
+++ b/pkg/sentry/fsimpl/pipefs/pipefs.go
@@ -21,6 +21,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/fspath"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
@@ -28,7 +29,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel/pipe"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
// +stateify savable
@@ -152,7 +152,7 @@ func (i *inode) SetStat(ctx context.Context, vfsfs *vfs.Filesystem, creds *auth.
if opts.Stat.Mask == 0 {
return nil
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Open implements kernfs.Inode.Open.
diff --git a/pkg/sentry/fsimpl/proc/subtasks.go b/pkg/sentry/fsimpl/proc/subtasks.go
index c53cc0122..d99f90b36 100644
--- a/pkg/sentry/fsimpl/proc/subtasks.go
+++ b/pkg/sentry/fsimpl/proc/subtasks.go
@@ -20,6 +20,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -180,7 +181,7 @@ func (i *subtasksInode) Stat(ctx context.Context, vsfs *vfs.Filesystem, opts vfs
// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
func (*subtasksInode) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// DecRef implements kernfs.Inode.DecRef.
diff --git a/pkg/sentry/fsimpl/proc/task.go b/pkg/sentry/fsimpl/proc/task.go
index d05cc1508..4577bfe2e 100644
--- a/pkg/sentry/fsimpl/proc/task.go
+++ b/pkg/sentry/fsimpl/proc/task.go
@@ -20,6 +20,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/fsimpl/kernfs"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -124,7 +125,7 @@ func (i *taskInode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.D
// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
func (*taskInode) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// DecRef implements kernfs.Inode.DecRef.
diff --git a/pkg/sentry/fsimpl/proc/task_files.go b/pkg/sentry/fsimpl/proc/task_files.go
index 9187f5b11..3cd9628c7 100644
--- a/pkg/sentry/fsimpl/proc/task_files.go
+++ b/pkg/sentry/fsimpl/proc/task_files.go
@@ -71,7 +71,7 @@ func getMMIncRef(task *kernel.Task) (*mm.MemoryManager, error) {
func checkTaskState(t *kernel.Task) error {
switch t.ExitState() {
case kernel.TaskExitZombie:
- return syserror.EACCES
+ return linuxerr.EACCES
case kernel.TaskExitDead:
return syserror.ESRCH
}
@@ -409,7 +409,7 @@ func (f *memInode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.De
// Permission to read this file is governed by PTRACE_MODE_ATTACH_FSCREDS
// Since we dont implement setfsuid/setfsgid we can just use PTRACE_MODE_ATTACH
if !kernel.ContextCanTrace(ctx, f.task, true) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
if err := checkTaskState(f.task); err != nil {
return nil, err
@@ -423,7 +423,7 @@ func (f *memInode) Open(ctx context.Context, rp *vfs.ResolvingPath, d *kernfs.De
// SetStat implements kernfs.Inode.SetStat.
func (*memInode) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
var _ vfs.FileDescriptionImpl = (*memFD)(nil)
@@ -513,7 +513,7 @@ func (fd *memFD) Stat(ctx context.Context, opts vfs.StatOptions) (linux.Statx, e
// SetStat implements vfs.FileDescriptionImpl.SetStat.
func (fd *memFD) SetStat(context.Context, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Release implements vfs.FileDescriptionImpl.Release.
@@ -837,7 +837,7 @@ func (s *exeSymlink) Readlink(ctx context.Context, _ *vfs.Mount) (string, error)
// Getlink implements kernfs.Inode.Getlink.
func (s *exeSymlink) Getlink(ctx context.Context, _ *vfs.Mount) (vfs.VirtualDentry, string, error) {
if !kernel.ContextCanTrace(ctx, s.task, false) {
- return vfs.VirtualDentry{}, "", syserror.EACCES
+ return vfs.VirtualDentry{}, "", linuxerr.EACCES
}
if err := checkTaskState(s.task); err != nil {
return vfs.VirtualDentry{}, "", err
@@ -848,7 +848,7 @@ func (s *exeSymlink) Getlink(ctx context.Context, _ *vfs.Mount) (vfs.VirtualDent
s.task.WithMuLocked(func(t *kernel.Task) {
mm := t.MemoryManager()
if mm == nil {
- err = syserror.EACCES
+ err = linuxerr.EACCES
return
}
@@ -913,7 +913,7 @@ func (s *cwdSymlink) Readlink(ctx context.Context, _ *vfs.Mount) (string, error)
// Getlink implements kernfs.Inode.Getlink.
func (s *cwdSymlink) Getlink(ctx context.Context, _ *vfs.Mount) (vfs.VirtualDentry, string, error) {
if !kernel.ContextCanTrace(ctx, s.task, false) {
- return vfs.VirtualDentry{}, "", syserror.EACCES
+ return vfs.VirtualDentry{}, "", linuxerr.EACCES
}
if err := checkTaskState(s.task); err != nil {
return vfs.VirtualDentry{}, "", err
diff --git a/pkg/sentry/fsimpl/proc/tasks_files.go b/pkg/sentry/fsimpl/proc/tasks_files.go
index 2def1ca48..03bed22a3 100644
--- a/pkg/sentry/fsimpl/proc/tasks_files.go
+++ b/pkg/sentry/fsimpl/proc/tasks_files.go
@@ -70,7 +70,7 @@ func (s *selfSymlink) Getlink(ctx context.Context, mnt *vfs.Mount) (vfs.VirtualD
// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
func (*selfSymlink) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// +stateify savable
@@ -112,7 +112,7 @@ func (s *threadSelfSymlink) Getlink(ctx context.Context, mnt *vfs.Mount) (vfs.Vi
// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
func (*threadSelfSymlink) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// dynamicBytesFileSetAttr implements a special file that allows inode
diff --git a/pkg/sentry/fsimpl/sys/sys.go b/pkg/sentry/fsimpl/sys/sys.go
index 546f54a5a..f322d2747 100644
--- a/pkg/sentry/fsimpl/sys/sys.go
+++ b/pkg/sentry/fsimpl/sys/sys.go
@@ -29,7 +29,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
const (
@@ -175,7 +174,7 @@ func (fs *filesystem) newDir(ctx context.Context, creds *auth.Credentials, mode
// SetStat implements kernfs.Inode.SetStat not allowing inode attributes to be changed.
func (*dir) SetStat(context.Context, *vfs.Filesystem, *auth.Credentials, vfs.SetStatOptions) error {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Open implements kernfs.Inode.Open.
diff --git a/pkg/sentry/fsimpl/tmpfs/filesystem.go b/pkg/sentry/fsimpl/tmpfs/filesystem.go
index 590f7118a..0a7e7b444 100644
--- a/pkg/sentry/fsimpl/tmpfs/filesystem.go
+++ b/pkg/sentry/fsimpl/tmpfs/filesystem.go
@@ -252,7 +252,7 @@ func (fs *filesystem) LinkAt(ctx context.Context, rp *vfs.ResolvingPath, vd vfs.
d := vd.Dentry().Impl().(*dentry)
i := d.inode
if i.isDir() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := vfs.MayLink(auth.CredentialsFromContext(ctx), linux.FileMode(atomic.LoadUint32(&i.mode)), auth.KUID(atomic.LoadUint32(&i.uid)), auth.KGID(atomic.LoadUint32(&i.gid))); err != nil {
return err
diff --git a/pkg/sentry/fsimpl/tmpfs/regular_file.go b/pkg/sentry/fsimpl/tmpfs/regular_file.go
index 0bc1911d9..55a347c1c 100644
--- a/pkg/sentry/fsimpl/tmpfs/regular_file.go
+++ b/pkg/sentry/fsimpl/tmpfs/regular_file.go
@@ -186,7 +186,7 @@ func (rf *regularFile) truncateLocked(newSize uint64) (bool, error) {
// Can we grow the file?
if rf.seals&linux.F_SEAL_GROW != 0 {
rf.dataMu.Unlock()
- return false, syserror.EPERM
+ return false, linuxerr.EPERM
}
// We only need to update the file size.
atomic.StoreUint64(&rf.size, newSize)
@@ -197,7 +197,7 @@ func (rf *regularFile) truncateLocked(newSize uint64) (bool, error) {
// We are shrinking the file. First check if this is allowed.
if rf.seals&linux.F_SEAL_SHRINK != 0 {
rf.dataMu.Unlock()
- return false, syserror.EPERM
+ return false, linuxerr.EPERM
}
// Update the file size.
@@ -234,7 +234,7 @@ func (rf *regularFile) AddMapping(ctx context.Context, ms memmap.MappingSpace, a
// Reject writable mapping if F_SEAL_WRITE is set.
if rf.seals&linux.F_SEAL_WRITE != 0 && writable {
- return syserror.EPERM
+ return linuxerr.EPERM
}
rf.mappings.AddMapping(ms, ar, offset, writable)
@@ -595,7 +595,7 @@ func (rw *regularFileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64,
// Check if seals prevent either file growth or all writes.
switch {
case rw.file.seals&linux.F_SEAL_WRITE != 0: // Write sealed
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
case end > rw.file.size && rw.file.seals&linux.F_SEAL_GROW != 0: // Grow sealed
// When growth is sealed, Linux effectively allows writes which would
// normally grow the file to partially succeed up to the current EOF,
@@ -616,7 +616,7 @@ func (rw *regularFileReadWriter) WriteFromBlocks(srcs safemem.BlockSeq) (uint64,
}
if end <= rw.off {
// Truncation would result in no data being written.
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
}
@@ -707,7 +707,7 @@ func AddSeals(fd *vfs.FileDescription, val uint32) error {
if rf.seals&linux.F_SEAL_SEAL != 0 {
// Seal applied which prevents addition of any new seals.
- return syserror.EPERM
+ return linuxerr.EPERM
}
// F_SEAL_WRITE can only be added if there are no active writable maps.
diff --git a/pkg/sentry/fsimpl/tmpfs/tmpfs.go b/pkg/sentry/fsimpl/tmpfs/tmpfs.go
index bc40aad0d..4d6731852 100644
--- a/pkg/sentry/fsimpl/tmpfs/tmpfs.go
+++ b/pkg/sentry/fsimpl/tmpfs/tmpfs.go
@@ -528,7 +528,7 @@ func (i *inode) setStat(ctx context.Context, creds *auth.Credentials, opts *vfs.
return nil
}
if stat.Mask&^(linux.STATX_MODE|linux.STATX_UID|linux.STATX_GID|linux.STATX_ATIME|linux.STATX_MTIME|linux.STATX_CTIME|linux.STATX_SIZE) != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
mode := linux.FileMode(atomic.LoadUint32(&i.mode))
if err := vfs.CheckSetStat(ctx, creds, opts, mode, auth.KUID(atomic.LoadUint32(&i.uid)), auth.KGID(atomic.LoadUint32(&i.gid))); err != nil {
diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go
index b5735a86d..058eede42 100644
--- a/pkg/sentry/fsimpl/verity/filesystem.go
+++ b/pkg/sentry/fsimpl/verity/filesystem.go
@@ -830,7 +830,7 @@ func (d *dentry) openLocked(ctx context.Context, rp *vfs.ResolvingPath, opts *vf
// Users should not open the Merkle tree files. Those are for verity fs
// use only.
if strings.Contains(d.name, merklePrefix) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
ats := vfs.AccessTypesForOpenFlags(opts)
if err := d.checkPermissions(rp.Credentials(), ats); err != nil {
diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index 2227b542a..3bfe40204 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -876,7 +876,7 @@ func (fd *fileDescription) Stat(ctx context.Context, opts vfs.StatOptions) (linu
// SetStat implements vfs.FileDescriptionImpl.SetStat.
func (fd *fileDescription) SetStat(ctx context.Context, opts vfs.SetStatOptions) error {
// Verity files are read-only.
- return syserror.EPERM
+ return linuxerr.EPERM
}
// IterDirents implements vfs.FileDescriptionImpl.IterDirents.
@@ -1077,7 +1077,7 @@ func (fd *fileDescription) recordChildrenLocked(ctx context.Context) error {
// and stores its hash in its parent directory's Merkle tree.
func (fd *fileDescription) enableVerity(ctx context.Context) (uintptr, error) {
if !fd.d.fs.allowRuntimeEnable {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
fd.d.fs.verityMu.Lock()
diff --git a/pkg/sentry/kernel/auth/credentials.go b/pkg/sentry/kernel/auth/credentials.go
index 32c344399..fc245c54b 100644
--- a/pkg/sentry/kernel/auth/credentials.go
+++ b/pkg/sentry/kernel/auth/credentials.go
@@ -17,7 +17,6 @@ package auth
import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/errors/linuxerr"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Credentials contains information required to authorize privileged operations
@@ -215,7 +214,7 @@ func (c *Credentials) UseUID(uid UID) (KUID, error) {
if kuid == c.RealKUID || kuid == c.EffectiveKUID || kuid == c.SavedKUID {
return kuid, nil
}
- return NoID, syserror.EPERM
+ return NoID, linuxerr.EPERM
}
// UseGID checks that c can use gid in its user namespace, then translates it
@@ -231,7 +230,7 @@ func (c *Credentials) UseGID(gid GID) (KGID, error) {
if kgid == c.RealKGID || kgid == c.EffectiveKGID || kgid == c.SavedKGID {
return kgid, nil
}
- return NoID, syserror.EPERM
+ return NoID, linuxerr.EPERM
}
// SetUID translates the provided uid to the root user namespace and updates c's
diff --git a/pkg/sentry/kernel/auth/id_map.go b/pkg/sentry/kernel/auth/id_map.go
index 955b6d40b..f06a374a0 100644
--- a/pkg/sentry/kernel/auth/id_map.go
+++ b/pkg/sentry/kernel/auth/id_map.go
@@ -18,7 +18,6 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/errors/linuxerr"
- "gvisor.dev/gvisor/pkg/syserror"
)
// MapFromKUID translates kuid, a UID in the root namespace, to a UID in ns.
@@ -107,7 +106,7 @@ func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) er
// than once to a uid_map file in a user namespace fails with the error
// EPERM. Similar rules apply for gid_map files." - user_namespaces(7)
if !ns.uidMapFromParent.IsEmpty() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// "At least one line must be written to the file."
if len(entries) == 0 {
@@ -122,12 +121,12 @@ func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) er
// in the user namespace of the process pid.
// """
if !c.HasCapabilityIn(linux.CAP_SETUID, ns) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// "2. The writing process must either be in the user namespace of the process
// pid or be in the parent user namespace of the process pid."
if c.UserNamespace != ns && c.UserNamespace != ns.parent {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// """
// 3. (see trySetUIDMap)
@@ -146,14 +145,14 @@ func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) er
// parent user namespace to a user ID (group ID) in the user namespace.
// """
if len(entries) != 1 || ns.parent.MapToKUID(UID(entries[0].FirstParentID)) != c.EffectiveKUID || entries[0].Length != 1 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// """
// + The writing process must have the same effective user ID as the
// process that created the user namespace.
// """
if c.EffectiveKUID != ns.owner {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
// trySetUIDMap leaves data in maps if it fails.
@@ -183,7 +182,7 @@ func (ns *UserNamespace) trySetUIDMap(entries []IDMapEntry) error {
// mappings when it's created, so SetUIDMap would have returned EPERM
// without reaching this point if ns is root.
if !ns.parent.allIDsMapped(&ns.parent.uidMapToParent, e.FirstParentID, lastParentID) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// If either of these Adds fail, we have an overlapping range.
if !ns.uidMapFromParent.Add(idMapRange{e.FirstParentID, lastParentID}, e.FirstID) {
@@ -203,24 +202,24 @@ func (ns *UserNamespace) SetGIDMap(ctx context.Context, entries []IDMapEntry) er
ns.mu.Lock()
defer ns.mu.Unlock()
if !ns.gidMapFromParent.IsEmpty() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if len(entries) == 0 {
return linuxerr.EINVAL
}
if !c.HasCapabilityIn(linux.CAP_SETGID, ns) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if c.UserNamespace != ns && c.UserNamespace != ns.parent {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if !c.HasCapabilityIn(linux.CAP_SETGID, ns.parent) {
if len(entries) != 1 || ns.parent.MapToKGID(GID(entries[0].FirstParentID)) != c.EffectiveKGID || entries[0].Length != 1 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// It's correct for this to still be UID.
if c.EffectiveKUID != ns.owner {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// "In the case of gid_map, use of the setgroups(2) system call must
// first be denied by writing "deny" to the /proc/[pid]/setgroups file
@@ -247,7 +246,7 @@ func (ns *UserNamespace) trySetGIDMap(entries []IDMapEntry) error {
return linuxerr.EINVAL
}
if !ns.parent.allIDsMapped(&ns.parent.gidMapToParent, e.FirstParentID, lastParentID) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if !ns.gidMapFromParent.Add(idMapRange{e.FirstParentID, lastParentID}, e.FirstID) {
return linuxerr.EINVAL
diff --git a/pkg/sentry/kernel/auth/user_namespace.go b/pkg/sentry/kernel/auth/user_namespace.go
index 9dd52c860..bec0c28cd 100644
--- a/pkg/sentry/kernel/auth/user_namespace.go
+++ b/pkg/sentry/kernel/auth/user_namespace.go
@@ -17,6 +17,7 @@ package auth
import (
"math"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sync"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -114,10 +115,10 @@ func (c *Credentials) NewChildUserNamespace() (*UserNamespace, error) {
// process are mapped to user IDs and group IDs in the user namespace of
// the calling process at the time of the call." - unshare(2)
if !c.EffectiveKUID.In(c.UserNamespace).Ok() {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
if !c.EffectiveKGID.In(c.UserNamespace).Ok() {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
return &UserNamespace{
parent: c.UserNamespace,
diff --git a/pkg/sentry/kernel/futex/futex.go b/pkg/sentry/kernel/futex/futex.go
index 5c64ce11e..52fc6f2b7 100644
--- a/pkg/sentry/kernel/futex/futex.go
+++ b/pkg/sentry/kernel/futex/futex.go
@@ -746,7 +746,7 @@ func (m *Manager) unlockPILocked(t Target, addr hostarch.Addr, tid uint32, b *bu
}
if (cur & linux.FUTEX_TID_MASK) != tid {
- return syserror.EPERM
+ return linuxerr.EPERM
}
var next *Waiter // Who's the next owner?
diff --git a/pkg/sentry/kernel/pipe/pipe.go b/pkg/sentry/kernel/pipe/pipe.go
index 979ea10bf..4d68a6e4a 100644
--- a/pkg/sentry/kernel/pipe/pipe.go
+++ b/pkg/sentry/kernel/pipe/pipe.go
@@ -435,7 +435,7 @@ func (p *Pipe) SetFifoSize(size int64) (int64, error) {
size = MinimumPipeSize // Per spec.
}
if size > MaximumPipeSize {
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
p.mu.Lock()
defer p.mu.Unlock()
diff --git a/pkg/sentry/kernel/ptrace.go b/pkg/sentry/kernel/ptrace.go
index 1c6100efe..cdaee5d7f 100644
--- a/pkg/sentry/kernel/ptrace.go
+++ b/pkg/sentry/kernel/ptrace.go
@@ -482,7 +482,7 @@ func (t *Task) ptraceTraceme() error {
t.tg.pidns.owner.mu.Lock()
defer t.tg.pidns.owner.mu.Unlock()
if t.hasTracer() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if t.parent == nil {
// In Linux, only init can not have a parent, and init is assumed never
@@ -498,7 +498,7 @@ func (t *Task) ptraceTraceme() error {
return nil
}
if !t.parent.canTraceLocked(t, true) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if t.parent.exitState != TaskExitNone {
// Fail silently, as if we were successfully attached but then
@@ -514,21 +514,21 @@ func (t *Task) ptraceTraceme() error {
// ptrace(PTRACE_SEIZE, target, 0, opts) if seize is true. t is the caller.
func (t *Task) ptraceAttach(target *Task, seize bool, opts uintptr) error {
if t.tg == target.tg {
- return syserror.EPERM
+ return linuxerr.EPERM
}
t.tg.pidns.owner.mu.Lock()
defer t.tg.pidns.owner.mu.Unlock()
if !t.canTraceLocked(target, true) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if target.hasTracer() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Attaching to zombies and dead tasks is not permitted; the exit
// notification logic relies on this. Linux allows attaching to PF_EXITING
// tasks, though.
if target.exitState >= TaskExitZombie {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if seize {
if err := target.ptraceSetOptionsLocked(opts); err != nil {
diff --git a/pkg/sentry/kernel/rseq.go b/pkg/sentry/kernel/rseq.go
index 2344565cd..47babaa7a 100644
--- a/pkg/sentry/kernel/rseq.go
+++ b/pkg/sentry/kernel/rseq.go
@@ -113,7 +113,7 @@ func (t *Task) ClearRSeq(addr hostarch.Addr, length, signature uint32) error {
return linuxerr.EINVAL
}
if t.rseqSignature != signature {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := t.rseqClearCPU(); err != nil {
diff --git a/pkg/sentry/kernel/semaphore/semaphore.go b/pkg/sentry/kernel/semaphore/semaphore.go
index 2dbc8353a..dda22cfb8 100644
--- a/pkg/sentry/kernel/semaphore/semaphore.go
+++ b/pkg/sentry/kernel/semaphore/semaphore.go
@@ -143,7 +143,7 @@ func (r *Registry) FindOrCreate(ctx context.Context, key, nsems int32, mode linu
// Check that caller can access semaphore set.
creds := auth.CredentialsFromContext(ctx)
if !set.checkPerms(creds, fs.PermsFromMode(mode)) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
// Validate parameters.
@@ -253,7 +253,7 @@ func (r *Registry) RemoveID(id int32, creds *auth.Credentials) error {
// "The effective user ID of the calling process must match the creator or
// owner of the semaphore set, or the caller must be privileged."
if !set.checkCredentials(creds) && !set.checkCapability(creds) {
- return syserror.EACCES
+ return linuxerr.EACCES
}
delete(r.semaphores, set.ID)
@@ -371,7 +371,7 @@ func (s *Set) Change(ctx context.Context, creds *auth.Credentials, owner fs.File
// "The effective UID of the calling process must match the owner or creator
// of the semaphore set, or the caller must be privileged."
if !s.checkCredentials(creds) && !s.checkCapability(creds) {
- return syserror.EACCES
+ return linuxerr.EACCES
}
s.owner = owner
@@ -396,7 +396,7 @@ func (s *Set) semStat(creds *auth.Credentials, permMask fs.PermMask) (*linux.Sem
defer s.mu.Unlock()
if !s.checkPerms(creds, permMask) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
return &linux.SemidDS{
@@ -426,7 +426,7 @@ func (s *Set) SetVal(ctx context.Context, num int32, val int16, creds *auth.Cred
// "The calling process must have alter permission on the semaphore set."
if !s.checkPerms(creds, fs.PermMask{Write: true}) {
- return syserror.EACCES
+ return linuxerr.EACCES
}
sem := s.findSem(num)
@@ -462,7 +462,7 @@ func (s *Set) SetValAll(ctx context.Context, vals []uint16, creds *auth.Credenti
// "The calling process must have alter permission on the semaphore set."
if !s.checkPerms(creds, fs.PermMask{Write: true}) {
- return syserror.EACCES
+ return linuxerr.EACCES
}
for i, val := range vals {
@@ -484,7 +484,7 @@ func (s *Set) GetVal(num int32, creds *auth.Credentials) (int16, error) {
// "The calling process must have read permission on the semaphore set."
if !s.checkPerms(creds, fs.PermMask{Read: true}) {
- return 0, syserror.EACCES
+ return 0, linuxerr.EACCES
}
sem := s.findSem(num)
@@ -501,7 +501,7 @@ func (s *Set) GetValAll(creds *auth.Credentials) ([]uint16, error) {
// "The calling process must have read permission on the semaphore set."
if !s.checkPerms(creds, fs.PermMask{Read: true}) {
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
vals := make([]uint16, s.Size())
@@ -518,7 +518,7 @@ func (s *Set) GetPID(num int32, creds *auth.Credentials) (int32, error) {
// "The calling process must have read permission on the semaphore set."
if !s.checkPerms(creds, fs.PermMask{Read: true}) {
- return 0, syserror.EACCES
+ return 0, linuxerr.EACCES
}
sem := s.findSem(num)
@@ -534,7 +534,7 @@ func (s *Set) countWaiters(num int32, creds *auth.Credentials, pred func(w *wait
// The calling process must have read permission on the semaphore set.
if !s.checkPerms(creds, fs.PermMask{Read: true}) {
- return 0, syserror.EACCES
+ return 0, linuxerr.EACCES
}
sem := s.findSem(num)
@@ -590,7 +590,7 @@ func (s *Set) ExecuteOps(ctx context.Context, ops []linux.Sembuf, creds *auth.Cr
}
if !s.checkPerms(creds, fs.PermMask{Read: readOnly, Write: !readOnly}) {
- return nil, 0, syserror.EACCES
+ return nil, 0, linuxerr.EACCES
}
ch, num, err := s.executeOps(ctx, ops, pid)
diff --git a/pkg/sentry/kernel/sessions.go b/pkg/sentry/kernel/sessions.go
index 973d708a3..c0c1f1f13 100644
--- a/pkg/sentry/kernel/sessions.go
+++ b/pkg/sentry/kernel/sessions.go
@@ -16,6 +16,7 @@ package kernel
import (
"gvisor.dev/gvisor/pkg/abi/linux"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/syserror"
)
@@ -277,14 +278,14 @@ func (tg *ThreadGroup) createSession() error {
continue
}
if s.leader == tg {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if s.id == SessionID(id) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
for pg := s.processGroups.Front(); pg != nil; pg = pg.Next() {
if pg.id == ProcessGroupID(id) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
}
@@ -380,11 +381,11 @@ func (tg *ThreadGroup) CreateProcessGroup() error {
continue
}
if s.leader == tg {
- return syserror.EPERM
+ return linuxerr.EPERM
}
for pg := s.processGroups.Front(); pg != nil; pg = pg.Next() {
if pg.id == ProcessGroupID(id) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
}
@@ -442,17 +443,17 @@ func (tg *ThreadGroup) JoinProcessGroup(pidns *PIDNamespace, pgid ProcessGroupID
// Lookup the ProcessGroup.
pg := pidns.processGroups[pgid]
if pg == nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Disallow the join if an execve has performed, per POSIX.
if checkExec && tg.execed {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// See if it's in the same session as ours.
if pg.session != tg.processGroup.session {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Join the group; adjust children.
diff --git a/pkg/sentry/kernel/shm/shm.go b/pkg/sentry/kernel/shm/shm.go
index 7a6e91004..9c66b90ef 100644
--- a/pkg/sentry/kernel/shm/shm.go
+++ b/pkg/sentry/kernel/shm/shm.go
@@ -170,7 +170,7 @@ func (r *Registry) FindOrCreate(ctx context.Context, pid int32, key Key, size ui
// memory segment, and does not have the CAP_IPC_OWNER
// capability in the user namespace that governs its IPC
// namespace." - man shmget(2)
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
if size > shm.size {
@@ -559,7 +559,7 @@ func (s *Shm) ConfigureAttach(ctx context.Context, addr hostarch.Addr, opts Atta
// "The calling process does not have the required permissions for the
// requested attach type, and does not have the CAP_IPC_OWNER capability
// in the user namespace that governs its IPC namespace." - man shmat(2)
- return memmap.MMapOpts{}, syserror.EACCES
+ return memmap.MMapOpts{}, linuxerr.EACCES
}
return memmap.MMapOpts{
Length: s.size,
@@ -596,7 +596,7 @@ func (s *Shm) IPCStat(ctx context.Context) (*linux.ShmidDS, error) {
// read access for shmid, and the calling process does not have the
// CAP_IPC_OWNER capability in the user namespace that governs its IPC
// namespace." - man shmctl(2)
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
var mode uint16
@@ -646,7 +646,7 @@ func (s *Shm) Set(ctx context.Context, ds *linux.ShmidDS) error {
defer s.mu.Unlock()
if !s.checkOwnership(ctx) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
creds := auth.CredentialsFromContext(ctx)
diff --git a/pkg/sentry/kernel/task_clone.go b/pkg/sentry/kernel/task_clone.go
index 76fb0e2cb..7e1347aa6 100644
--- a/pkg/sentry/kernel/task_clone.go
+++ b/pkg/sentry/kernel/task_clone.go
@@ -23,7 +23,6 @@ import (
"gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/sentry/inet"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -183,7 +182,7 @@ func (t *Task) Clone(opts *CloneOptions) (ThreadID, *SyscallControl, error) {
// in which it resides)." - clone(2). Neither chroot(2) nor
// user_namespaces(7) document this.
if t.IsChrooted() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
userns, err = creds.NewChildUserNamespace()
if err != nil {
@@ -191,7 +190,7 @@ func (t *Task) Clone(opts *CloneOptions) (ThreadID, *SyscallControl, error) {
}
}
if (opts.NewPIDNamespace || opts.NewNetworkNamespace || opts.NewUTSNamespace) && !creds.HasCapabilityIn(linux.CAP_SYS_ADMIN, userns) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
utsns := t.UTSNamespace()
@@ -242,7 +241,7 @@ func (t *Task) Clone(opts *CloneOptions) (ThreadID, *SyscallControl, error) {
}
if opts.SetTLS {
if !image.Arch.SetTLS(uintptr(opts.TLS)) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
}
@@ -479,7 +478,7 @@ func (t *Task) Unshare(opts *SharingOptions) error {
}
if opts.NewUserNamespace {
if t.IsChrooted() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
newUserNS, err := creds.NewChildUserNamespace()
if err != nil {
@@ -495,7 +494,7 @@ func (t *Task) Unshare(opts *SharingOptions) error {
haveCapSysAdmin := t.HasCapability(linux.CAP_SYS_ADMIN)
if opts.NewPIDNamespace {
if !haveCapSysAdmin {
- return syserror.EPERM
+ return linuxerr.EPERM
}
t.childPIDNamespace = t.tg.pidns.NewChild(t.UserNamespace())
}
@@ -504,14 +503,14 @@ func (t *Task) Unshare(opts *SharingOptions) error {
if opts.NewNetworkNamespace {
if !haveCapSysAdmin {
t.mu.Unlock()
- return syserror.EPERM
+ return linuxerr.EPERM
}
t.netns = inet.NewNamespace(t.netns)
}
if opts.NewUTSNamespace {
if !haveCapSysAdmin {
t.mu.Unlock()
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Note that this must happen after NewUserNamespace, so the
// new user namespace is used if there is one.
@@ -520,7 +519,7 @@ func (t *Task) Unshare(opts *SharingOptions) error {
if opts.NewIPCNamespace {
if !haveCapSysAdmin {
t.mu.Unlock()
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Note that "If CLONE_NEWIPC is set, then create the process in a new IPC
// namespace"
diff --git a/pkg/sentry/kernel/task_identity.go b/pkg/sentry/kernel/task_identity.go
index 29f154ebd..a9067b682 100644
--- a/pkg/sentry/kernel/task_identity.go
+++ b/pkg/sentry/kernel/task_identity.go
@@ -19,7 +19,6 @@ import (
"gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/mm"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Credentials returns t's credentials.
@@ -71,7 +70,7 @@ func (t *Task) SetUID(uid auth.UID) error {
// capability) and uid does not match the real UID or saved set-user-ID of
// the calling process."
if kuid != creds.RealKUID && kuid != creds.SavedKUID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
t.setKUIDsUncheckedLocked(creds.RealKUID, kuid, creds.SavedKUID)
return nil
@@ -102,12 +101,12 @@ func (t *Task) SetREUID(r, e auth.UID) error {
// "Unprivileged processes may only set the effective user ID to the
// real user ID, the effective user ID, or the saved set-user-ID."
if newE != creds.RealKUID && newE != creds.EffectiveKUID && newE != creds.SavedKUID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// "Unprivileged users may only set the real user ID to the real user
// ID or the effective user ID."
if newR != creds.RealKUID && newR != creds.EffectiveKUID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
// "If the real user ID is set (i.e., ruid is not -1) or the effective user
@@ -240,7 +239,7 @@ func (t *Task) SetGID(gid auth.GID) error {
return nil
}
if kgid != creds.RealKGID && kgid != creds.SavedKGID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
t.setKGIDsUncheckedLocked(creds.RealKGID, kgid, creds.SavedKGID)
return nil
@@ -268,10 +267,10 @@ func (t *Task) SetREGID(r, e auth.GID) error {
}
if !creds.HasCapability(linux.CAP_SETGID) {
if newE != creds.RealKGID && newE != creds.EffectiveKGID && newE != creds.SavedKGID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if newR != creds.RealKGID && newR != creds.EffectiveKGID {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
newS := creds.SavedKGID
@@ -344,7 +343,7 @@ func (t *Task) SetExtraGIDs(gids []auth.GID) error {
defer t.mu.Unlock()
creds := t.Credentials()
if !creds.HasCapability(linux.CAP_SETGID) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
kgids := make([]auth.KGID, len(gids))
for i, gid := range gids {
@@ -368,25 +367,25 @@ func (t *Task) SetCapabilitySets(permitted, inheritable, effective auth.Capabili
// "Permitted: This is a limiting superset for the effective capabilities
// that the thread may assume." - capabilities(7)
if effective & ^permitted != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
creds := t.Credentials()
// "It is also a limiting superset for the capabilities that may be added
// to the inheritable set by a thread that does not have the CAP_SETPCAP
// capability in its effective set."
if !creds.HasCapability(linux.CAP_SETPCAP) && (inheritable & ^(creds.InheritableCaps|creds.PermittedCaps) != 0) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// "If a thread drops a capability from its permitted set, it can never
// reacquire that capability (unless it execve(2)s ..."
if permitted & ^creds.PermittedCaps != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// "... if a capability is not in the bounding set, then a thread can't add
// this capability to its inheritable set, even if it was in its permitted
// capabilities ..."
if inheritable & ^(creds.InheritableCaps|creds.BoundingCaps) != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
creds = creds.Fork() // The credentials object is immutable. See doc for creds.
creds.PermittedCaps = permitted
@@ -403,7 +402,7 @@ func (t *Task) DropBoundingCapability(cp linux.Capability) error {
defer t.mu.Unlock()
creds := t.Credentials()
if !creds.HasCapability(linux.CAP_SETPCAP) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
creds = creds.Fork() // The credentials object is immutable. See doc for creds.
creds.BoundingCaps &^= auth.CapabilitySetOf(cp)
@@ -423,7 +422,7 @@ func (t *Task) SetUserNamespace(ns *auth.UserNamespace) error {
// If t just created ns, then t.creds is guaranteed to have CAP_SYS_ADMIN
// in ns (by rule 3 in auth.Credentials.HasCapability).
if !creds.HasCapabilityIn(linux.CAP_SYS_ADMIN, ns) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
creds = creds.Fork() // The credentials object is immutable. See doc for creds.
diff --git a/pkg/sentry/kernel/thread_group.go b/pkg/sentry/kernel/thread_group.go
index 8ae00c649..3ce11f542 100644
--- a/pkg/sentry/kernel/thread_group.go
+++ b/pkg/sentry/kernel/thread_group.go
@@ -372,7 +372,7 @@ func (tg *ThreadGroup) SetControllingTTY(tty *TTY, steal bool, isReadable bool)
if tty.tg != nil && tg.processGroup.session != tty.tg.processGroup.session {
// Stealing requires CAP_SYS_ADMIN in the root user namespace.
if !hasAdmin || !steal {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Steal the TTY away. Unlike TIOCNOTTY, don't send signals.
for othertg := range tg.pidns.owner.Root.tgids {
@@ -392,7 +392,7 @@ func (tg *ThreadGroup) SetControllingTTY(tty *TTY, steal bool, isReadable bool)
}
if !isReadable && !hasAdmin {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Set the controlling terminal and foreground process group.
@@ -514,7 +514,7 @@ func (tg *ThreadGroup) SetForegroundProcessGroup(tty *TTY, pgid ProcessGroupID)
// pg must be part of this process's session.
if tg.processGroup.session != pg.session {
- return -1, syserror.EPERM
+ return -1, linuxerr.EPERM
}
tg.processGroup.session.foreground.id = pgid
diff --git a/pkg/sentry/loader/elf.go b/pkg/sentry/loader/elf.go
index 13ab7ea23..1db6fbd76 100644
--- a/pkg/sentry/loader/elf.go
+++ b/pkg/sentry/loader/elf.go
@@ -477,7 +477,7 @@ func loadParsedELF(ctx context.Context, m *mm.MemoryManager, f fsbridge.File, in
// the open path would return a different
// error.
ctx.Infof("PT_INTERP path is empty: %v", path)
- return loadedELF{}, syserror.EACCES
+ return loadedELF{}, linuxerr.EACCES
}
}
}
diff --git a/pkg/sentry/loader/loader.go b/pkg/sentry/loader/loader.go
index 8240173ae..7dc884bd5 100644
--- a/pkg/sentry/loader/loader.go
+++ b/pkg/sentry/loader/loader.go
@@ -26,6 +26,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux/errno"
"gvisor.dev/gvisor/pkg/context"
"gvisor.dev/gvisor/pkg/cpuid"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/rand"
"gvisor.dev/gvisor/pkg/sentry/arch"
@@ -113,7 +114,7 @@ func checkIsRegularFile(ctx context.Context, file fsbridge.File, filename string
}
if t != linux.ModeRegular {
ctx.Infof("%q is not a regular file: %v", filename, t)
- return syserror.EACCES
+ return linuxerr.EACCES
}
return nil
}
diff --git a/pkg/sentry/mm/syscalls.go b/pkg/sentry/mm/syscalls.go
index 7b6715815..b558d9900 100644
--- a/pkg/sentry/mm/syscalls.go
+++ b/pkg/sentry/mm/syscalls.go
@@ -106,7 +106,7 @@ func (mm *MemoryManager) MMap(ctx context.Context, opts memmap.MMapOpts) (hostar
}
if !opts.MaxPerms.SupersetOf(opts.Perms) {
- return 0, syserror.EACCES
+ return 0, linuxerr.EACCES
}
if opts.Unmap && !opts.Fixed {
return 0, linuxerr.EINVAL
@@ -645,7 +645,7 @@ func (mm *MemoryManager) MProtect(addr hostarch.Addr, length uint64, realPerms h
// Check for permission validity before splitting vmas, for consistency
// with Linux.
if !vseg.ValuePtr().maxPerms.SupersetOf(effectivePerms) {
- return syserror.EACCES
+ return linuxerr.EACCES
}
vseg = mm.vmas.Isolate(vseg, ar)
@@ -793,7 +793,7 @@ func (mm *MemoryManager) MLock(ctx context.Context, addr hostarch.Addr, length u
mlockLimit := limits.FromContext(ctx).Get(limits.MemoryLocked).Cur
if mlockLimit == 0 {
mm.mappingMu.Unlock()
- return syserror.EPERM
+ return linuxerr.EPERM
}
if newLockedAS := mm.lockedAS + uint64(ar.Length()) - mm.mlockedBytesRangeLocked(ar); newLockedAS > mlockLimit {
mm.mappingMu.Unlock()
@@ -912,7 +912,7 @@ func (mm *MemoryManager) MLockAll(ctx context.Context, opts MLockAllOpts) error
mlockLimit := limits.FromContext(ctx).Get(limits.MemoryLocked).Cur
if mlockLimit == 0 {
mm.mappingMu.Unlock()
- return syserror.EPERM
+ return linuxerr.EPERM
}
if uint64(mm.vmas.Span()) > mlockLimit {
mm.mappingMu.Unlock()
diff --git a/pkg/sentry/mm/vma.go b/pkg/sentry/mm/vma.go
index 0d019e41d..2847a59ae 100644
--- a/pkg/sentry/mm/vma.go
+++ b/pkg/sentry/mm/vma.go
@@ -19,6 +19,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
@@ -66,7 +67,7 @@ func (mm *MemoryManager) createVMALocked(ctx context.Context, opts memmap.MMapOp
if creds := auth.CredentialsFromContext(ctx); !creds.HasCapabilityIn(linux.CAP_IPC_LOCK, creds.UserNamespace.Root()) {
mlockLimit := limits.FromContext(ctx).Get(limits.MemoryLocked).Cur
if mlockLimit == 0 {
- return vmaIterator{}, hostarch.AddrRange{}, syserror.EPERM
+ return vmaIterator{}, hostarch.AddrRange{}, linuxerr.EPERM
}
newLockedAS := mm.lockedAS + opts.Length
if opts.Unmap {
@@ -296,7 +297,7 @@ func (mm *MemoryManager) getVMAsLocked(ctx context.Context, ar hostarch.AddrRang
perms = vma.maxPerms
}
if !perms.SupersetOf(at) {
- return vbegin, vgap, syserror.EPERM
+ return vbegin, vgap, linuxerr.EPERM
}
addr = vseg.End()
diff --git a/pkg/sentry/pgalloc/pgalloc.go b/pkg/sentry/pgalloc/pgalloc.go
index d1a883da4..f7d5a1800 100644
--- a/pkg/sentry/pgalloc/pgalloc.go
+++ b/pkg/sentry/pgalloc/pgalloc.go
@@ -31,6 +31,7 @@ import (
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/safemem"
@@ -674,7 +675,7 @@ func (f *MemoryFile) MapInternal(fr memmap.FileRange, at hostarch.AccessType) (s
panic(fmt.Sprintf("invalid range: %v", fr))
}
if at.Execute {
- return safemem.BlockSeq{}, syserror.EACCES
+ return safemem.BlockSeq{}, linuxerr.EACCES
}
chunks := ((fr.End + chunkMask) >> chunkShift) - (fr.Start >> chunkShift)
diff --git a/pkg/sentry/socket/control/control.go b/pkg/sentry/socket/control/control.go
index 64958b6ec..00a5e729a 100644
--- a/pkg/sentry/socket/control/control.go
+++ b/pkg/sentry/socket/control/control.go
@@ -29,7 +29,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/socket"
"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
- "gvisor.dev/gvisor/pkg/syserror"
)
const maxInt = int(^uint(0) >> 1)
@@ -71,7 +70,7 @@ func NewSCMRights(t *kernel.Task, fds []int32) (SCMRights, error) {
file := t.GetFile(fd)
if file == nil {
files.Release(t)
- return nil, syserror.EBADF
+ return nil, linuxerr.EBADF
}
files = append(files, file)
}
@@ -170,7 +169,7 @@ func NewSCMCredentials(t *kernel.Task, cred linux.ControlMessageCredentials) (SC
return nil, err
}
if kernel.ThreadID(cred.PID) != t.ThreadGroup().ID() && !t.HasCapabilityIn(linux.CAP_SYS_ADMIN, t.PIDNamespace().UserNamespace()) {
- return nil, syserror.EPERM
+ return nil, linuxerr.EPERM
}
return &scmCredentials{t, kuid, kgid}, nil
}
diff --git a/pkg/sentry/socket/control/control_vfs2.go b/pkg/sentry/socket/control/control_vfs2.go
index 37d02948f..0a989cbeb 100644
--- a/pkg/sentry/socket/control/control_vfs2.go
+++ b/pkg/sentry/socket/control/control_vfs2.go
@@ -17,10 +17,10 @@ package control
import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
// SCMRightsVFS2 represents a SCM_RIGHTS socket control message.
@@ -51,7 +51,7 @@ func NewSCMRightsVFS2(t *kernel.Task, fds []int32) (SCMRightsVFS2, error) {
file := t.GetFileVFS2(fd)
if file == nil {
files.Release(t)
- return nil, syserror.EBADF
+ return nil, linuxerr.EBADF
}
files = append(files, file)
}
diff --git a/pkg/sentry/socket/hostinet/stack.go b/pkg/sentry/socket/hostinet/stack.go
index cbb1e905d..7a4e78a5f 100644
--- a/pkg/sentry/socket/hostinet/stack.go
+++ b/pkg/sentry/socket/hostinet/stack.go
@@ -29,11 +29,11 @@ import (
"golang.org/x/sys/unix"
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/log"
"gvisor.dev/gvisor/pkg/marshal/primitive"
"gvisor.dev/gvisor/pkg/sentry/inet"
"gvisor.dev/gvisor/pkg/syserr"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/tcpip"
"gvisor.dev/gvisor/pkg/tcpip/stack"
"gvisor.dev/gvisor/pkg/usermem"
@@ -320,12 +320,12 @@ func (s *Stack) InterfaceAddrs() map[int32][]inet.InterfaceAddr {
// AddInterfaceAddr implements inet.Stack.AddInterfaceAddr.
func (s *Stack) AddInterfaceAddr(int32, inet.InterfaceAddr) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// RemoveInterfaceAddr implements inet.Stack.RemoveInterfaceAddr.
func (s *Stack) RemoveInterfaceAddr(int32, inet.InterfaceAddr) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// SupportsIPv6 implements inet.Stack.SupportsIPv6.
@@ -340,7 +340,7 @@ func (s *Stack) TCPReceiveBufferSize() (inet.TCPBufferSize, error) {
// SetTCPReceiveBufferSize implements inet.Stack.SetTCPReceiveBufferSize.
func (s *Stack) SetTCPReceiveBufferSize(size inet.TCPBufferSize) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// TCPSendBufferSize implements inet.Stack.TCPSendBufferSize.
@@ -350,7 +350,7 @@ func (s *Stack) TCPSendBufferSize() (inet.TCPBufferSize, error) {
// SetTCPSendBufferSize implements inet.Stack.SetTCPSendBufferSize.
func (s *Stack) SetTCPSendBufferSize(size inet.TCPBufferSize) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// TCPSACKEnabled implements inet.Stack.TCPSACKEnabled.
@@ -360,7 +360,7 @@ func (s *Stack) TCPSACKEnabled() (bool, error) {
// SetTCPSACKEnabled implements inet.Stack.SetTCPSACKEnabled.
func (s *Stack) SetTCPSACKEnabled(bool) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// TCPRecovery implements inet.Stack.TCPRecovery.
@@ -370,7 +370,7 @@ func (s *Stack) TCPRecovery() (inet.TCPLossRecovery, error) {
// SetTCPRecovery implements inet.Stack.SetTCPRecovery.
func (s *Stack) SetTCPRecovery(inet.TCPLossRecovery) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// getLine reads one line from proc file, with specified prefix.
@@ -483,7 +483,7 @@ func (s *Stack) RestoreCleanupEndpoints([]stack.TransportEndpoint) {}
// SetForwarding implements inet.Stack.SetForwarding.
func (s *Stack) SetForwarding(tcpip.NetworkProtocolNumber, bool) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// PortRange implements inet.Stack.PortRange.
@@ -494,5 +494,5 @@ func (*Stack) PortRange() (uint16, uint16) {
// SetPortRange implements inet.Stack.SetPortRange.
func (*Stack) SetPortRange(start uint16, end uint16) error {
- return syserror.EACCES
+ return linuxerr.EACCES
}
diff --git a/pkg/sentry/syscalls/epoll.go b/pkg/sentry/syscalls/epoll.go
index 02debfc7e..a69ed0746 100644
--- a/pkg/sentry/syscalls/epoll.go
+++ b/pkg/sentry/syscalls/epoll.go
@@ -22,7 +22,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/epoll"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/waiter"
)
@@ -46,21 +45,21 @@ func AddEpoll(t *kernel.Task, epfd int32, fd int32, flags epoll.EntryFlags, mask
// Get epoll from the file descriptor.
epollfile := t.GetFile(epfd)
if epollfile == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer epollfile.DecRef(t)
// Get the target file id.
file := t.GetFile(fd)
if file == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer file.DecRef(t)
// Extract the epollPoll operations.
e, ok := epollfile.FileOperations.(*epoll.EventPoll)
if !ok {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// Try to add the entry.
@@ -72,21 +71,21 @@ func UpdateEpoll(t *kernel.Task, epfd int32, fd int32, flags epoll.EntryFlags, m
// Get epoll from the file descriptor.
epollfile := t.GetFile(epfd)
if epollfile == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer epollfile.DecRef(t)
// Get the target file id.
file := t.GetFile(fd)
if file == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer file.DecRef(t)
// Extract the epollPoll operations.
e, ok := epollfile.FileOperations.(*epoll.EventPoll)
if !ok {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// Try to update the entry.
@@ -98,21 +97,21 @@ func RemoveEpoll(t *kernel.Task, epfd int32, fd int32) error {
// Get epoll from the file descriptor.
epollfile := t.GetFile(epfd)
if epollfile == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer epollfile.DecRef(t)
// Get the target file id.
file := t.GetFile(fd)
if file == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer file.DecRef(t)
// Extract the epollPoll operations.
e, ok := epollfile.FileOperations.(*epoll.EventPoll)
if !ok {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// Try to remove the entry.
@@ -124,14 +123,14 @@ func WaitEpoll(t *kernel.Task, fd int32, max int, timeoutInNanos int64) ([]linux
// Get epoll from the file descriptor.
epollfile := t.GetFile(fd)
if epollfile == nil {
- return nil, syserror.EBADF
+ return nil, linuxerr.EBADF
}
defer epollfile.DecRef(t)
// Extract the epollPoll operations.
e, ok := epollfile.FileOperations.(*epoll.EventPoll)
if !ok {
- return nil, syserror.EBADF
+ return nil, linuxerr.EBADF
}
// Try to read events and return right away if we got them or if the
diff --git a/pkg/sentry/syscalls/linux/linux64.go b/pkg/sentry/syscalls/linux/linux64.go
index 1732064ef..039a595ab 100644
--- a/pkg/sentry/syscalls/linux/linux64.go
+++ b/pkg/sentry/syscalls/linux/linux64.go
@@ -201,15 +201,15 @@ var AMD64 = &kernel.SyscallTable{
145: syscalls.PartiallySupported("sched_getscheduler", SchedGetscheduler, "Stub implementation.", nil),
146: syscalls.PartiallySupported("sched_get_priority_max", SchedGetPriorityMax, "Stub implementation.", nil),
147: syscalls.PartiallySupported("sched_get_priority_min", SchedGetPriorityMin, "Stub implementation.", nil),
- 148: syscalls.ErrorWithEvent("sched_rr_get_interval", syserror.EPERM, "", nil),
+ 148: syscalls.ErrorWithEvent("sched_rr_get_interval", linuxerr.EPERM, "", nil),
149: syscalls.PartiallySupported("mlock", Mlock, "Stub implementation. The sandbox lacks appropriate permissions.", nil),
150: syscalls.PartiallySupported("munlock", Munlock, "Stub implementation. The sandbox lacks appropriate permissions.", nil),
151: syscalls.PartiallySupported("mlockall", Mlockall, "Stub implementation. The sandbox lacks appropriate permissions.", nil),
152: syscalls.PartiallySupported("munlockall", Munlockall, "Stub implementation. The sandbox lacks appropriate permissions.", nil),
153: syscalls.CapError("vhangup", linux.CAP_SYS_TTY_CONFIG, "", nil),
- 154: syscalls.Error("modify_ldt", syserror.EPERM, "", nil),
- 155: syscalls.Error("pivot_root", syserror.EPERM, "", nil),
- 156: syscalls.Error("sysctl", syserror.EPERM, "Deprecated. Use /proc/sys instead.", nil),
+ 154: syscalls.Error("modify_ldt", linuxerr.EPERM, "", nil),
+ 155: syscalls.Error("pivot_root", linuxerr.EPERM, "", nil),
+ 156: syscalls.Error("sysctl", linuxerr.EPERM, "Deprecated. Use /proc/sys instead.", nil),
157: syscalls.PartiallySupported("prctl", Prctl, "Not all options are supported.", nil),
158: syscalls.PartiallySupported("arch_prctl", ArchPrctl, "Options ARCH_GET_GS, ARCH_SET_GS not supported.", nil),
159: syscalls.CapError("adjtimex", linux.CAP_SYS_TIME, "", nil),
@@ -301,9 +301,9 @@ var AMD64 = &kernel.SyscallTable{
245: syscalls.ErrorWithEvent("mq_getsetattr", syserror.ENOSYS, "", []string{"gvisor.dev/issue/136"}), // TODO(b/29354921)
246: syscalls.CapError("kexec_load", linux.CAP_SYS_BOOT, "", nil),
247: syscalls.Supported("waitid", Waitid),
- 248: syscalls.Error("add_key", syserror.EACCES, "Not available to user.", nil),
- 249: syscalls.Error("request_key", syserror.EACCES, "Not available to user.", nil),
- 250: syscalls.Error("keyctl", syserror.EACCES, "Not available to user.", nil),
+ 248: syscalls.Error("add_key", linuxerr.EACCES, "Not available to user.", nil),
+ 249: syscalls.Error("request_key", linuxerr.EACCES, "Not available to user.", nil),
+ 250: syscalls.Error("keyctl", linuxerr.EACCES, "Not available to user.", nil),
251: syscalls.CapError("ioprio_set", linux.CAP_SYS_ADMIN, "", nil), // requires cap_sys_nice or cap_sys_admin (depending)
252: syscalls.CapError("ioprio_get", linux.CAP_SYS_ADMIN, "", nil), // requires cap_sys_nice or cap_sys_admin (depending)
253: syscalls.PartiallySupported("inotify_init", InotifyInit, "Inotify events are only available inside the sandbox. Hard links are treated as different watch targets in gofer fs.", nil),
@@ -471,7 +471,7 @@ var ARM64 = &kernel.SyscallTable{
38: syscalls.Supported("renameat", Renameat),
39: syscalls.PartiallySupported("umount2", Umount2, "Not all options or file systems are supported.", nil),
40: syscalls.PartiallySupported("mount", Mount, "Not all options or file systems are supported.", nil),
- 41: syscalls.Error("pivot_root", syserror.EPERM, "", nil),
+ 41: syscalls.Error("pivot_root", linuxerr.EPERM, "", nil),
42: syscalls.Error("nfsservctl", syserror.ENOSYS, "Removed after Linux 3.1.", nil),
43: syscalls.PartiallySupported("statfs", Statfs, "Depends on the backing file system implementation.", nil),
44: syscalls.PartiallySupported("fstatfs", Fstatfs, "Depends on the backing file system implementation.", nil),
@@ -557,7 +557,7 @@ var ARM64 = &kernel.SyscallTable{
124: syscalls.Supported("sched_yield", SchedYield),
125: syscalls.PartiallySupported("sched_get_priority_max", SchedGetPriorityMax, "Stub implementation.", nil),
126: syscalls.PartiallySupported("sched_get_priority_min", SchedGetPriorityMin, "Stub implementation.", nil),
- 127: syscalls.ErrorWithEvent("sched_rr_get_interval", syserror.EPERM, "", nil),
+ 127: syscalls.ErrorWithEvent("sched_rr_get_interval", linuxerr.EPERM, "", nil),
128: syscalls.Supported("restart_syscall", RestartSyscall),
129: syscalls.Supported("kill", Kill),
130: syscalls.Supported("tkill", Tkill),
@@ -647,9 +647,9 @@ var ARM64 = &kernel.SyscallTable{
214: syscalls.Supported("brk", Brk),
215: syscalls.Supported("munmap", Munmap),
216: syscalls.Supported("mremap", Mremap),
- 217: syscalls.Error("add_key", syserror.EACCES, "Not available to user.", nil),
- 218: syscalls.Error("request_key", syserror.EACCES, "Not available to user.", nil),
- 219: syscalls.Error("keyctl", syserror.EACCES, "Not available to user.", nil),
+ 217: syscalls.Error("add_key", linuxerr.EACCES, "Not available to user.", nil),
+ 218: syscalls.Error("request_key", linuxerr.EACCES, "Not available to user.", nil),
+ 219: syscalls.Error("keyctl", linuxerr.EACCES, "Not available to user.", nil),
220: syscalls.PartiallySupported("clone", Clone, "Mount namespace (CLONE_NEWNS) not supported. Options CLONE_PARENT, CLONE_SYSVSEM not supported.", nil),
221: syscalls.Supported("execve", Execve),
222: syscalls.PartiallySupported("mmap", Mmap, "Generally supported with exceptions. Options MAP_FIXED_NOREPLACE, MAP_SHARED_VALIDATE, MAP_SYNC MAP_GROWSDOWN, MAP_HUGETLB are not supported.", nil),
diff --git a/pkg/sentry/syscalls/linux/sys_aio.go b/pkg/sentry/syscalls/linux/sys_aio.go
index a93fc635b..4ce3430e2 100644
--- a/pkg/sentry/syscalls/linux/sys_aio.go
+++ b/pkg/sentry/syscalls/linux/sys_aio.go
@@ -270,7 +270,7 @@ func submitCallback(t *kernel.Task, id uint64, cb *linux.IOCallback, cbAddr host
file := t.GetFile(cb.FD)
if file == nil {
// File not found.
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer file.DecRef(t)
@@ -280,7 +280,7 @@ func submitCallback(t *kernel.Task, id uint64, cb *linux.IOCallback, cbAddr host
eventFile = t.GetFile(cb.ResFD)
if eventFile == nil {
// Bad FD.
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer eventFile.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_capability.go b/pkg/sentry/syscalls/linux/sys_capability.go
index 782bcb94f..8318be001 100644
--- a/pkg/sentry/syscalls/linux/sys_capability.go
+++ b/pkg/sentry/syscalls/linux/sys_capability.go
@@ -116,7 +116,7 @@ func Capset(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
switch hdr.Version {
case linux.LINUX_CAPABILITY_VERSION_1:
if tid := kernel.ThreadID(hdr.Pid); tid != 0 && tid != t.ThreadID() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
var data linux.CapUserData
if _, err := data.CopyIn(t, dataAddr); err != nil {
@@ -129,7 +129,7 @@ func Capset(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
case linux.LINUX_CAPABILITY_VERSION_2, linux.LINUX_CAPABILITY_VERSION_3:
if tid := kernel.ThreadID(hdr.Pid); tid != 0 && tid != t.ThreadID() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
var data [2]linux.CapUserData
if _, err := linux.CopyCapUserDataSliceIn(t, dataAddr, data[:]); err != nil {
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 3d45341f2..2bafb9efc 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -80,7 +80,7 @@ func fileOpOn(t *kernel.Task, dirFD int32, path string, resolve bool, fn func(ro
// Need to extract the given FD.
f = t.GetFile(dirFD)
if f == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
rel = f.Dirent
if !fs.IsDir(rel.Inode.StableAttr) {
@@ -271,7 +271,7 @@ func mknodAt(t *kernel.Task, dirFD int32, addr hostarch.Addr, mode linux.FileMod
//
// When we start supporting block and character devices, we'll
// need to check for CAP_MKNOD here.
- return syserror.EPERM
+ return linuxerr.EPERM
default:
// "EINVAL - mode requested creation of something other than a
@@ -596,7 +596,7 @@ func Ioctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -704,7 +704,7 @@ func Chroot(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
addr := args[0].Pointer()
if !t.HasCapability(linux.CAP_SYS_CHROOT) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
path, _, err := copyInPath(t, addr, false /* allowEmpty */)
@@ -759,7 +759,7 @@ func Fchdir(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -790,7 +790,7 @@ func Close(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
// (and other reference-holding operations complete).
file, _ := t.FDTable().Remove(t, fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -804,7 +804,7 @@ func Dup(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallCo
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -825,7 +825,7 @@ func Dup2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
if oldfd == newfd {
oldFile := t.GetFile(oldfd)
if oldFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer oldFile.DecRef(t)
@@ -849,7 +849,7 @@ func Dup3(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
oldFile := t.GetFile(oldfd)
if oldFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer oldFile.DecRef(t)
@@ -924,7 +924,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file, flags := t.FDTable().Get(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -957,7 +957,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
// Normally pipe and socket types lack lock operations. We diverge and use a heavy
// hammer by only allowing locks on files and directories.
if !fs.IsFile(file.Dirent.Inode.StableAttr) && !fs.IsDir(file.Dirent.Inode.StableAttr) {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Copy in the lock request.
@@ -1010,7 +1010,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
switch flock.Type {
case linux.F_RDLCK:
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
if cmd == linux.F_SETLK {
// Non-blocking lock, provide a nil lock.Blocker.
@@ -1026,7 +1026,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
return 0, nil, nil
case linux.F_WRLCK:
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
if cmd == linux.F_SETLK {
// Non-blocking lock, provide a nil lock.Blocker.
@@ -1093,7 +1093,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
return uintptr(val), nil, err
case linux.F_ADD_SEALS:
if !file.Flags().Write {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
err := tmpfs.AddSeals(file.Dirent.Inode, args[2].Uint())
return 0, nil, err
@@ -1137,7 +1137,7 @@ func Fadvise64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1330,10 +1330,10 @@ func mayLinkAt(t *kernel.Task, target *fs.Inode) error {
// If we are not the owner, then the file must be regular and have
// Read+Write permissions.
if !fs.IsRegular(target.StableAttr) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if target.CheckPermission(t, fs.PermMask{Read: true, Write: true}) != nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return nil
@@ -1358,7 +1358,7 @@ func linkAt(t *kernel.Task, oldDirFD int32, oldAddr hostarch.Addr, newDirFD int3
if allowEmpty && oldPath == "" {
target := t.GetFile(oldDirFD)
if target == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer target.DecRef(t)
if err := mayLinkAt(t, target.Dirent.Inode); err != nil {
@@ -1611,7 +1611,7 @@ func Ftruncate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1693,7 +1693,7 @@ func chown(t *kernel.Task, d *fs.Dirent, uid auth.UID, gid auth.GID) error {
// explicitly not changing its UID.
isNoop := uattr.Owner.UID == kuid
if !(hasCap || (isOwner && isNoop)) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// The setuid and setgid bits are cleared during a chown.
@@ -1716,7 +1716,7 @@ func chown(t *kernel.Task, d *fs.Dirent, uid auth.UID, gid auth.GID) error {
isNoop := uattr.Owner.GID == kgid
isMemberGroup := c.InGroup(kgid)
if !(hasCap || (isOwner && (isNoop || isMemberGroup))) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// The setuid and setgid bits are cleared during a chown.
@@ -1738,7 +1738,7 @@ func chown(t *kernel.Task, d *fs.Dirent, uid auth.UID, gid auth.GID) error {
if clearPrivilege && uattr.Perms.HasSetUIDOrGID() && !fs.IsDir(d.Inode.StableAttr) {
uattr.Perms.DropSetUIDAndMaybeGID()
if !d.Inode.SetPermissions(t, d, uattr.Perms) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
@@ -1755,7 +1755,7 @@ func chownAt(t *kernel.Task, fd int32, addr hostarch.Addr, resolve, allowEmpty b
// Annoying. What's wrong with fchown?
file := t.GetFile(fd)
if file == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1793,7 +1793,7 @@ func Fchown(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1818,12 +1818,12 @@ func Fchownat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
func chmod(t *kernel.Task, d *fs.Dirent, mode linux.FileMode) error {
// Must own file to change mode.
if !d.Inode.CheckOwnership(t) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
p := fs.FilePermsFromMode(mode)
if !d.Inode.SetPermissions(t, d, p) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// File attribute changed, generate notification.
@@ -1858,7 +1858,7 @@ func Fchmod(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1889,7 +1889,7 @@ func utimes(t *kernel.Task, dirFD int32, addr hostarch.Addr, ts fs.TimeSpec, res
if !d.Inode.CheckOwnership(t) {
// Trying to set a specific time? Must be owner.
if (ts.ATimeOmit || !ts.ATimeSetSystemTime) && (ts.MTimeOmit || !ts.MTimeSetSystemTime) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Trying to set to current system time? Must have write access.
@@ -1918,7 +1918,7 @@ func utimes(t *kernel.Task, dirFD int32, addr hostarch.Addr, ts fs.TimeSpec, res
}
f := t.GetFile(dirFD)
if f == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer f.DecRef(t)
@@ -2113,7 +2113,7 @@ func Fallocate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -2125,7 +2125,7 @@ func Fallocate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
return 0, nil, syserror.ENOTSUP
}
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
if fs.IsPipe(file.Dirent.Inode.StableAttr) {
return 0, nil, syserror.ESPIPE
@@ -2166,7 +2166,7 @@ func Flock(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
// flock(2): EBADF fd is not an open file descriptor.
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_getdents.go b/pkg/sentry/syscalls/linux/sys_getdents.go
index 355fbd766..917717e31 100644
--- a/pkg/sentry/syscalls/linux/sys_getdents.go
+++ b/pkg/sentry/syscalls/linux/sys_getdents.go
@@ -67,7 +67,7 @@ func Getdents64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
func getdents(t *kernel.Task, fd int32, addr hostarch.Addr, size int, f func(*dirent, io.Writer) (int, error)) (uintptr, error) {
dir := t.GetFile(fd)
if dir == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer dir.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_inotify.go b/pkg/sentry/syscalls/linux/sys_inotify.go
index 48c8dbdca..3738e4cfb 100644
--- a/pkg/sentry/syscalls/linux/sys_inotify.go
+++ b/pkg/sentry/syscalls/linux/sys_inotify.go
@@ -66,7 +66,7 @@ func fdToInotify(t *kernel.Task, fd int32) (*fs.Inotify, *fs.File, error) {
file := t.GetFile(fd)
if file == nil {
// Invalid fd.
- return nil, nil, syserror.EBADF
+ return nil, nil, linuxerr.EBADF
}
ino, ok := file.FileOperations.(*fs.Inotify)
diff --git a/pkg/sentry/syscalls/linux/sys_lseek.go b/pkg/sentry/syscalls/linux/sys_lseek.go
index c16c63ecc..bf71a9af3 100644
--- a/pkg/sentry/syscalls/linux/sys_lseek.go
+++ b/pkg/sentry/syscalls/linux/sys_lseek.go
@@ -32,7 +32,7 @@ func Lseek(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_membarrier.go b/pkg/sentry/syscalls/linux/sys_membarrier.go
index 4b67f2536..6ceedc086 100644
--- a/pkg/sentry/syscalls/linux/sys_membarrier.go
+++ b/pkg/sentry/syscalls/linux/sys_membarrier.go
@@ -19,7 +19,6 @@ import (
"gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Membarrier implements syscall membarrier(2).
@@ -53,7 +52,7 @@ func Membarrier(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
return 0, nil, linuxerr.EINVAL
}
if cmd == linux.MEMBARRIER_CMD_PRIVATE_EXPEDITED && !t.MemoryManager().IsMembarrierPrivateEnabled() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
return 0, nil, t.Kernel().Platform.GlobalMemoryBarrier()
case linux.MEMBARRIER_CMD_REGISTER_GLOBAL_EXPEDITED:
@@ -82,7 +81,7 @@ func Membarrier(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
return 0, nil, linuxerr.EINVAL
}
if !t.MemoryManager().IsMembarrierRSeqEnabled() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
// MEMBARRIER_CMD_FLAG_CPU and cpu_id are ignored since we don't have
// the ability to preempt specific CPUs.
diff --git a/pkg/sentry/syscalls/linux/sys_mempolicy.go b/pkg/sentry/syscalls/linux/sys_mempolicy.go
index 62ec3e27f..adb513a3d 100644
--- a/pkg/sentry/syscalls/linux/sys_mempolicy.go
+++ b/pkg/sentry/syscalls/linux/sys_mempolicy.go
@@ -246,7 +246,7 @@ func Mbind(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
// "If MPOL_MF_MOVE_ALL is passed in flags ... [the] calling thread must be
// privileged (CAP_SYS_NICE) to use this flag." - mbind(2)
if flags&linux.MPOL_MF_MOVE_ALL != 0 && !t.HasCapability(linux.CAP_SYS_NICE) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
mode, nodemaskVal, err := copyInMempolicyNodemask(t, mode, nodemask, maxnode)
diff --git a/pkg/sentry/syscalls/linux/sys_mmap.go b/pkg/sentry/syscalls/linux/sys_mmap.go
index 74279c82b..cee621791 100644
--- a/pkg/sentry/syscalls/linux/sys_mmap.go
+++ b/pkg/sentry/syscalls/linux/sys_mmap.go
@@ -84,14 +84,14 @@ func Mmap(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
// Convert the passed FD to a file reference.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
flags := file.Flags()
// mmap unconditionally requires that the FD is readable.
if !flags.Read {
- return 0, nil, syserror.EACCES
+ return 0, nil, linuxerr.EACCES
}
// MAP_SHARED requires that the FD be writable for PROT_WRITE.
if shared && !flags.Write {
@@ -214,7 +214,7 @@ func Madvise(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
return 0, nil, syserror.ENOSYS
case linux.MADV_HWPOISON:
// Only privileged processes are allowed to poison pages.
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
default:
// If adv is not a valid value tell the caller.
return 0, nil, linuxerr.EINVAL
diff --git a/pkg/sentry/syscalls/linux/sys_mount.go b/pkg/sentry/syscalls/linux/sys_mount.go
index 8bf4e9f06..5b84c32dd 100644
--- a/pkg/sentry/syscalls/linux/sys_mount.go
+++ b/pkg/sentry/syscalls/linux/sys_mount.go
@@ -67,7 +67,7 @@ func Mount(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
// Must have CAP_SYS_ADMIN in the mount namespace's associated user
// namespace.
if !t.HasCapabilityIn(linux.CAP_SYS_ADMIN, t.MountNamespace().UserNamespace()) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
const unsupportedOps = linux.MS_REMOUNT | linux.MS_BIND |
@@ -91,7 +91,7 @@ func Mount(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
return 0, nil, syserror.ENODEV
}
if !rsys.AllowUserMount() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
var superFlags fs.MountSourceFlags
@@ -143,7 +143,7 @@ func Umount2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
//
// Currently, this is always the init task's user namespace.
if !t.HasCapabilityIn(linux.CAP_SYS_ADMIN, t.MountNamespace().UserNamespace()) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
resolve := flags&linux.UMOUNT_NOFOLLOW != linux.UMOUNT_NOFOLLOW
diff --git a/pkg/sentry/syscalls/linux/sys_poll.go b/pkg/sentry/syscalls/linux/sys_poll.go
index f2056d850..a80c84fcd 100644
--- a/pkg/sentry/syscalls/linux/sys_poll.go
+++ b/pkg/sentry/syscalls/linux/sys_poll.go
@@ -265,7 +265,7 @@ func doSelect(t *kernel.Task, nfds int, readFDs, writeFDs, exceptFDs hostarch.Ad
// OK. Linux is racy in the same way.
file := t.GetFile(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_prctl.go b/pkg/sentry/syscalls/linux/sys_prctl.go
index 534f1e632..a16b6b4d6 100644
--- a/pkg/sentry/syscalls/linux/sys_prctl.go
+++ b/pkg/sentry/syscalls/linux/sys_prctl.go
@@ -26,7 +26,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/mm"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Prctl implements linux syscall prctl(2).
@@ -119,7 +118,7 @@ func Prctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
case linux.PR_SET_MM:
if !t.HasCapability(linux.CAP_SYS_RESOURCE) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
switch args[1].Int() {
@@ -128,13 +127,13 @@ func Prctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// They trying to set exe to a non-file?
if !fs.IsFile(file.Dirent.Inode.StableAttr) {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Set the underlying executable.
diff --git a/pkg/sentry/syscalls/linux/sys_read.go b/pkg/sentry/syscalls/linux/sys_read.go
index 4064467a9..02651b709 100644
--- a/pkg/sentry/syscalls/linux/sys_read.go
+++ b/pkg/sentry/syscalls/linux/sys_read.go
@@ -47,13 +47,13 @@ func Read(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// Check that the file is readable.
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check that the size is legitimate.
@@ -83,13 +83,13 @@ func Readahead(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// Check that the file is readable.
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check that the size is valid.
@@ -117,7 +117,7 @@ func Pread64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -133,7 +133,7 @@ func Pread64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Check that the file is readable.
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check that the size is legitimate.
@@ -163,13 +163,13 @@ func Readv(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// Check that the file is readable.
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Read the iovecs that specify the destination of the read.
@@ -194,7 +194,7 @@ func Preadv(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -210,7 +210,7 @@ func Preadv(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
// Check that the file is readable.
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Read the iovecs that specify the destination of the read.
@@ -243,7 +243,7 @@ func Preadv2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -259,7 +259,7 @@ func Preadv2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Check that the file is readable.
if !file.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check flags field.
diff --git a/pkg/sentry/syscalls/linux/sys_rlimit.go b/pkg/sentry/syscalls/linux/sys_rlimit.go
index ca78c2ab2..06f51f49c 100644
--- a/pkg/sentry/syscalls/linux/sys_rlimit.go
+++ b/pkg/sentry/syscalls/linux/sys_rlimit.go
@@ -106,7 +106,7 @@ func prlimit64(t *kernel.Task, resource limits.LimitType, newLim *limits.Limit)
}
if _, ok := setableLimits[resource]; !ok {
- return limits.Limit{}, syserror.EPERM
+ return limits.Limit{}, linuxerr.EPERM
}
// "A privileged process (under Linux: one with the CAP_SYS_RESOURCE
@@ -208,7 +208,7 @@ func Prlimit64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
cred.RealKGID != tcred.RealKGID ||
cred.RealKGID != tcred.EffectiveKGID ||
cred.RealKGID != tcred.SavedKGID {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
}
diff --git a/pkg/sentry/syscalls/linux/sys_signal.go b/pkg/sentry/syscalls/linux/sys_signal.go
index 4d659e5cf..f98d5c903 100644
--- a/pkg/sentry/syscalls/linux/sys_signal.go
+++ b/pkg/sentry/syscalls/linux/sys_signal.go
@@ -83,7 +83,7 @@ func Kill(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
return 0, nil, syserror.ESRCH
}
if !mayKill(t, target, sig) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
info := &linux.SignalInfo{
Signo: int32(sig),
@@ -164,7 +164,7 @@ func Kill(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
for _, tg := range t.PIDNamespace().ThreadGroups() {
if t.PIDNamespace().IDOfProcessGroup(tg.ProcessGroup()) == pgid {
if !mayKill(t, tg.Leader(), sig) {
- lastErr = syserror.EPERM
+ lastErr = linuxerr.EPERM
continue
}
@@ -212,7 +212,7 @@ func Tkill(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
}
if !mayKill(t, target, sig) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
return 0, nil, target.SendSignal(tkillSigInfo(t, target, sig))
}
@@ -236,7 +236,7 @@ func Tgkill(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
}
if !mayKill(t, target, sig) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
return 0, nil, target.SendSignal(tkillSigInfo(t, target, sig))
}
@@ -339,7 +339,7 @@ func Sigaltstack(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
// these semantics apply to changing the signal stack via a
// ucontext during a signal handler.
if !t.SetSignalStack(alt) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
}
@@ -427,11 +427,11 @@ func RtSigqueueinfo(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kerne
// If the sender is not the receiver, it can't use si_codes used by the
// kernel or SI_TKILL.
if (info.Code >= 0 || info.Code == linux.SI_TKILL) && target != t {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
if !mayKill(t, target, sig) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
if err := target.SendGroupSignal(&info); !linuxerr.Equals(linuxerr.ESRCH, err) {
@@ -470,11 +470,11 @@ func RtTgsigqueueinfo(t *kernel.Task, args arch.SyscallArguments) (uintptr, *ker
// If the sender is not the receiver, it can't use si_codes used by the
// kernel or SI_TKILL.
if (info.Code >= 0 || info.Code == linux.SI_TKILL) && target != t {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
if !mayKill(t, target, sig) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
return 0, nil, target.SendSignal(&info)
}
@@ -534,7 +534,7 @@ func sharedSignalfd(t *kernel.Task, fd int32, sigset hostarch.Addr, sigsetsize u
if fd != -1 {
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_socket.go b/pkg/sentry/syscalls/linux/sys_socket.go
index 6638ad60f..4cb0ad274 100644
--- a/pkg/sentry/syscalls/linux/sys_socket.go
+++ b/pkg/sentry/syscalls/linux/sys_socket.go
@@ -253,7 +253,7 @@ func Connect(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -284,7 +284,7 @@ func accept(t *kernel.Task, fd int32, addr hostarch.Addr, addrLen hostarch.Addr,
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -343,7 +343,7 @@ func Bind(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -370,7 +370,7 @@ func Listen(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -408,7 +408,7 @@ func Shutdown(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -439,7 +439,7 @@ func GetSockOpt(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -520,7 +520,7 @@ func SetSockOpt(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -558,7 +558,7 @@ func GetSockName(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -586,7 +586,7 @@ func GetPeerName(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -619,7 +619,7 @@ func RecvMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -676,7 +676,7 @@ func RecvMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -841,7 +841,7 @@ func recvFrom(t *kernel.Task, fd int32, bufPtr hostarch.Addr, bufLen uint64, fla
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -914,7 +914,7 @@ func SendMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -956,7 +956,7 @@ func SendMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1080,7 +1080,7 @@ func sendTo(t *kernel.Task, fd int32, bufPtr hostarch.Addr, bufLen uint64, flags
// Get socket from the file descriptor.
file := t.GetFile(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_splice.go b/pkg/sentry/syscalls/linux/sys_splice.go
index 88bee61ef..398485a72 100644
--- a/pkg/sentry/syscalls/linux/sys_splice.go
+++ b/pkg/sentry/syscalls/linux/sys_splice.go
@@ -106,22 +106,22 @@ func Sendfile(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get files.
inFile := t.GetFile(inFD)
if inFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer inFile.DecRef(t)
if !inFile.Flags().Read {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
outFile := t.GetFile(outFD)
if outFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer outFile.DecRef(t)
if !outFile.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Verify that the outfile Append flag is not set.
@@ -197,13 +197,13 @@ func Splice(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
// Get files.
outFile := t.GetFile(outFD)
if outFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer outFile.DecRef(t)
inFile := t.GetFile(inFD)
if inFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer inFile.DecRef(t)
@@ -305,13 +305,13 @@ func Tee(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallCo
// Get files.
outFile := t.GetFile(outFD)
if outFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer outFile.DecRef(t)
inFile := t.GetFile(inFD)
if inFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer inFile.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_stat.go b/pkg/sentry/syscalls/linux/sys_stat.go
index 103b13c10..46a69a78a 100644
--- a/pkg/sentry/syscalls/linux/sys_stat.go
+++ b/pkg/sentry/syscalls/linux/sys_stat.go
@@ -57,7 +57,7 @@ func Fstatat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Annoying. What's wrong with fstat?
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -99,7 +99,7 @@ func Fstat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -157,7 +157,7 @@ func Statx(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
if path == "" {
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
uattr, err := file.UnstableAttr(t)
@@ -248,7 +248,7 @@ func Fstatfs(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_sync.go b/pkg/sentry/syscalls/linux/sys_sync.go
index 3f0e6c02e..6278bef21 100644
--- a/pkg/sentry/syscalls/linux/sys_sync.go
+++ b/pkg/sentry/syscalls/linux/sys_sync.go
@@ -38,7 +38,7 @@ func Syncfs(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -53,7 +53,7 @@ func Fsync(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -69,7 +69,7 @@ func Fdatasync(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -102,7 +102,7 @@ func SyncFileRange(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index d99dd5131..fe08c931f 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -136,7 +136,7 @@ func execveat(t *kernel.Task, dirFD int32, pathnameAddr, argvAddr, envvAddr host
// Need to extract the given FD.
f, fdFlags := t.FDTable().Get(dirFD)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
closeOnExec = fdFlags.CloseOnExec
diff --git a/pkg/sentry/syscalls/linux/sys_time.go b/pkg/sentry/syscalls/linux/sys_time.go
index d75bb9c4f..674e74f82 100644
--- a/pkg/sentry/syscalls/linux/sys_time.go
+++ b/pkg/sentry/syscalls/linux/sys_time.go
@@ -158,7 +158,7 @@ func ClockGettime(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.
// ClockSettime implements linux syscall clock_settime(2).
func ClockSettime(*kernel.Task, arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
// Time implements linux syscall time(2).
diff --git a/pkg/sentry/syscalls/linux/sys_timerfd.go b/pkg/sentry/syscalls/linux/sys_timerfd.go
index a8e88b814..4eeb94231 100644
--- a/pkg/sentry/syscalls/linux/sys_timerfd.go
+++ b/pkg/sentry/syscalls/linux/sys_timerfd.go
@@ -22,7 +22,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/fs/timerfd"
"gvisor.dev/gvisor/pkg/sentry/kernel"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
- "gvisor.dev/gvisor/pkg/syserror"
)
// TimerfdCreate implements Linux syscall timerfd_create(2).
@@ -72,7 +71,7 @@ func TimerfdSettime(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kerne
f := t.GetFile(fd)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
@@ -106,7 +105,7 @@ func TimerfdGettime(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kerne
f := t.GetFile(fd)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/sys_tls_amd64.go b/pkg/sentry/syscalls/linux/sys_tls_amd64.go
index 32272c267..c5899a359 100644
--- a/pkg/sentry/syscalls/linux/sys_tls_amd64.go
+++ b/pkg/sentry/syscalls/linux/sys_tls_amd64.go
@@ -43,7 +43,7 @@ func ArchPrctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
case linux.ARCH_SET_FS:
fsbase := args[1].Uint64()
if !t.Arch().SetTLS(uintptr(fsbase)) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
case linux.ARCH_GET_GS, linux.ARCH_SET_GS:
t.Kernel().EmitUnimplementedEvent(t)
diff --git a/pkg/sentry/syscalls/linux/sys_utsname.go b/pkg/sentry/syscalls/linux/sys_utsname.go
index 7fffb189e..4e945d2c0 100644
--- a/pkg/sentry/syscalls/linux/sys_utsname.go
+++ b/pkg/sentry/syscalls/linux/sys_utsname.go
@@ -19,7 +19,6 @@ import (
"gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Uname implements linux syscall uname.
@@ -58,7 +57,7 @@ func Setdomainname(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel
utsns := t.UTSNamespace()
if !t.HasCapabilityIn(linux.CAP_SYS_ADMIN, utsns.UserNamespace()) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
if size < 0 || size > linux.UTSLen {
return 0, nil, linuxerr.EINVAL
@@ -80,7 +79,7 @@ func Sethostname(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
utsns := t.UTSNamespace()
if !t.HasCapabilityIn(linux.CAP_SYS_ADMIN, utsns.UserNamespace()) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
if size < 0 || size > linux.UTSLen {
return 0, nil, linuxerr.EINVAL
diff --git a/pkg/sentry/syscalls/linux/sys_write.go b/pkg/sentry/syscalls/linux/sys_write.go
index 998b5fde6..fe7da4261 100644
--- a/pkg/sentry/syscalls/linux/sys_write.go
+++ b/pkg/sentry/syscalls/linux/sys_write.go
@@ -47,13 +47,13 @@ func Write(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// Check that the file is writable.
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check that the size is legitimate.
@@ -84,7 +84,7 @@ func Pwrite64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -100,7 +100,7 @@ func Pwrite64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Check that the file is writable.
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check that the size is legitimate.
@@ -130,13 +130,13 @@ func Writev(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// Check that the file is writable.
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Read the iovecs that specify the source of the write.
@@ -161,7 +161,7 @@ func Pwritev(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -177,7 +177,7 @@ func Pwritev(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Check that the file is writable.
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Read the iovecs that specify the source of the write.
@@ -209,12 +209,12 @@ func Pwritev2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
flags := int(args[5].Int())
if int(args[4].Int())&0x4 == 1 {
- return 0, nil, syserror.EACCES
+ return 0, nil, linuxerr.EACCES
}
file := t.GetFile(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -236,7 +236,7 @@ func Pwritev2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Check that the file is writeable.
if !file.Flags().Write {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Read the iovecs that specify the source of the write.
diff --git a/pkg/sentry/syscalls/linux/sys_xattr.go b/pkg/sentry/syscalls/linux/sys_xattr.go
index da6651062..ea67d1398 100644
--- a/pkg/sentry/syscalls/linux/sys_xattr.go
+++ b/pkg/sentry/syscalls/linux/sys_xattr.go
@@ -48,7 +48,7 @@ func FGetXattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
// TODO(b/113957122): Return EBADF if the fd was opened with O_PATH.
f := t.GetFile(fd)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
@@ -152,7 +152,7 @@ func FSetXattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
// TODO(b/113957122): Return EBADF if the fd was opened with O_PATH.
f := t.GetFile(fd)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
@@ -242,7 +242,7 @@ func checkXattrPermissions(t *kernel.Task, i *fs.Inode, perms fs.PermMask) error
// Restrict xattrs to regular files and directories.
if !xattrFileTypeOk(i) {
if perms.Write {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return syserror.ENODATA
}
@@ -269,7 +269,7 @@ func FListXattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
// TODO(b/113957122): Return EBADF if the fd was opened with O_PATH.
f := t.GetFile(fd)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
@@ -383,7 +383,7 @@ func FRemoveXattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.
// TODO(b/113957122): Return EBADF if the fd was opened with O_PATH.
f := t.GetFile(fd)
if f == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer f.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/aio.go b/pkg/sentry/syscalls/linux/vfs2/aio.go
index d81df637f..a8fa86cdc 100644
--- a/pkg/sentry/syscalls/linux/vfs2/aio.go
+++ b/pkg/sentry/syscalls/linux/vfs2/aio.go
@@ -95,7 +95,7 @@ func submitCallback(t *kernel.Task, id uint64, cb *linux.IOCallback, cbAddr host
fd := t.GetFileVFS2(cb.FD)
if fd == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer fd.DecRef(t)
@@ -104,7 +104,7 @@ func submitCallback(t *kernel.Task, id uint64, cb *linux.IOCallback, cbAddr host
if cb.Flags&linux.IOCB_FLAG_RESFD != 0 {
eventFD = t.GetFileVFS2(cb.ResFD)
if eventFD == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
defer eventFD.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/epoll.go b/pkg/sentry/syscalls/linux/vfs2/epoll.go
index d3bb3a3e1..84010db77 100644
--- a/pkg/sentry/syscalls/linux/vfs2/epoll.go
+++ b/pkg/sentry/syscalls/linux/vfs2/epoll.go
@@ -25,7 +25,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/waiter"
)
@@ -85,7 +84,7 @@ func EpollCtl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
epfile := t.GetFileVFS2(epfd)
if epfile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer epfile.DecRef(t)
ep, ok := epfile.Impl().(*vfs.EpollInstance)
@@ -94,7 +93,7 @@ func EpollCtl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
}
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
if epfile == file {
@@ -128,7 +127,7 @@ func waitEpoll(t *kernel.Task, epfd int32, eventsAddr hostarch.Addr, maxEvents i
epfile := t.GetFileVFS2(epfd)
if epfile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer epfile.DecRef(t)
ep, ok := epfile.Impl().(*vfs.EpollInstance)
diff --git a/pkg/sentry/syscalls/linux/vfs2/execve.go b/pkg/sentry/syscalls/linux/vfs2/execve.go
index 7b1e1da78..38818c175 100644
--- a/pkg/sentry/syscalls/linux/vfs2/execve.go
+++ b/pkg/sentry/syscalls/linux/vfs2/execve.go
@@ -87,7 +87,7 @@ func execveat(t *kernel.Task, dirfd int32, pathnameAddr, argvAddr, envvAddr host
}
dirfile, dirfileFlags := t.FDTable().GetVFS2(dirfd)
if dirfile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
start := dirfile.VirtualDentry()
start.IncRef()
diff --git a/pkg/sentry/syscalls/linux/vfs2/fd.go b/pkg/sentry/syscalls/linux/vfs2/fd.go
index ea34ff471..bf2627c36 100644
--- a/pkg/sentry/syscalls/linux/vfs2/fd.go
+++ b/pkg/sentry/syscalls/linux/vfs2/fd.go
@@ -37,7 +37,7 @@ func Close(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
// (and other reference-holding operations complete).
_, file := t.FDTable().Remove(t, fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -51,7 +51,7 @@ func Dup(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallCo
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -71,7 +71,7 @@ func Dup2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
// As long as oldfd is valid, dup2() does nothing and returns newfd.
file := t.GetFileVFS2(oldfd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
file.DecRef(t)
return uintptr(newfd), nil, nil
@@ -100,7 +100,7 @@ func dup3(t *kernel.Task, oldfd, newfd int32, flags uint32) (uintptr, *kernel.Sy
file := t.GetFileVFS2(oldfd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -120,7 +120,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file, flags := t.FDTable().GetVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -129,7 +129,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
case linux.F_DUPFD, linux.F_DUPFD_CLOEXEC, linux.F_GETFD, linux.F_SETFD, linux.F_GETFL:
// allowed
default:
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
}
@@ -193,7 +193,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
case linux.F_SETPIPE_SZ:
pipefile, ok := file.Impl().(*pipe.VFSPipeFD)
if !ok {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
n, err := pipefile.SetPipeSize(int64(args[2].Int()))
if err != nil {
@@ -203,7 +203,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
case linux.F_GETPIPE_SZ:
pipefile, ok := file.Impl().(*pipe.VFSPipeFD)
if !ok {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
return uintptr(pipefile.PipeSize()), nil, nil
case linux.F_GET_SEALS:
@@ -211,7 +211,7 @@ func Fcntl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
return uintptr(val), nil, err
case linux.F_ADD_SEALS:
if !file.IsWritable() {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
err := tmpfs.AddSeals(file, args[2].Uint())
return 0, nil, err
@@ -369,13 +369,13 @@ func posixLock(t *kernel.Task, args arch.SyscallArguments, file *vfs.FileDescrip
switch flock.Type {
case linux.F_RDLCK:
if !file.IsReadable() {
- return syserror.EBADF
+ return linuxerr.EBADF
}
return file.LockPOSIX(t, t.FDTable(), int32(t.TGIDInRoot()), lock.ReadLock, r, blocker)
case linux.F_WRLCK:
if !file.IsWritable() {
- return syserror.EBADF
+ return linuxerr.EBADF
}
return file.LockPOSIX(t, t.FDTable(), int32(t.TGIDInRoot()), lock.WriteLock, r, blocker)
@@ -401,12 +401,12 @@ func Fadvise64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
if file.StatusFlags()&linux.O_PATH != 0 {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// If the FD refers to a pipe or FIFO, return error.
diff --git a/pkg/sentry/syscalls/linux/vfs2/fscontext.go b/pkg/sentry/syscalls/linux/vfs2/fscontext.go
index a7d4d2a36..f74d6197c 100644
--- a/pkg/sentry/syscalls/linux/vfs2/fscontext.go
+++ b/pkg/sentry/syscalls/linux/vfs2/fscontext.go
@@ -16,6 +16,7 @@ package vfs2
import (
"gvisor.dev/gvisor/pkg/abi/linux"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/fspath"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
@@ -106,7 +107,7 @@ func Chroot(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
addr := args[0].Pointer()
if !t.HasCapability(linux.CAP_SYS_CHROOT) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
path, err := copyInPath(t, addr)
diff --git a/pkg/sentry/syscalls/linux/vfs2/getdents.go b/pkg/sentry/syscalls/linux/vfs2/getdents.go
index 8ace31af3..c2c3172bc 100644
--- a/pkg/sentry/syscalls/linux/vfs2/getdents.go
+++ b/pkg/sentry/syscalls/linux/vfs2/getdents.go
@@ -23,7 +23,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/vfs"
"gvisor.dev/gvisor/pkg/sync"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Getdents implements Linux syscall getdents(2).
@@ -43,7 +42,7 @@ func getdents(t *kernel.Task, args arch.SyscallArguments, isGetdents64 bool) (ui
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/inotify.go b/pkg/sentry/syscalls/linux/vfs2/inotify.go
index 7a2e9e75d..d8d5dd7ad 100644
--- a/pkg/sentry/syscalls/linux/vfs2/inotify.go
+++ b/pkg/sentry/syscalls/linux/vfs2/inotify.go
@@ -20,7 +20,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
const allFlags = linux.IN_NONBLOCK | linux.IN_CLOEXEC
@@ -61,7 +60,7 @@ func fdToInotify(t *kernel.Task, fd int32) (*vfs.Inotify, *vfs.FileDescription,
f := t.GetFileVFS2(fd)
if f == nil {
// Invalid fd.
- return nil, nil, syserror.EBADF
+ return nil, nil, linuxerr.EBADF
}
ino, ok := f.Impl().(*vfs.Inotify)
diff --git a/pkg/sentry/syscalls/linux/vfs2/ioctl.go b/pkg/sentry/syscalls/linux/vfs2/ioctl.go
index 9852e3fe4..b806120cd 100644
--- a/pkg/sentry/syscalls/linux/vfs2/ioctl.go
+++ b/pkg/sentry/syscalls/linux/vfs2/ioctl.go
@@ -20,7 +20,6 @@ import (
"gvisor.dev/gvisor/pkg/marshal/primitive"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Ioctl implements Linux syscall ioctl(2).
@@ -29,12 +28,12 @@ func Ioctl(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
if file.StatusFlags()&linux.O_PATH != 0 {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Handle ioctls that apply to all FDs.
diff --git a/pkg/sentry/syscalls/linux/vfs2/lock.go b/pkg/sentry/syscalls/linux/vfs2/lock.go
index 80cb3ba09..008603173 100644
--- a/pkg/sentry/syscalls/linux/vfs2/lock.go
+++ b/pkg/sentry/syscalls/linux/vfs2/lock.go
@@ -20,7 +20,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/fs/lock"
"gvisor.dev/gvisor/pkg/sentry/kernel"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Flock implements linux syscall flock(2).
@@ -31,7 +30,7 @@ func Flock(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
// flock(2): EBADF fd is not an open file descriptor.
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/mmap.go b/pkg/sentry/syscalls/linux/vfs2/mmap.go
index db8d59899..c804f9fd3 100644
--- a/pkg/sentry/syscalls/linux/vfs2/mmap.go
+++ b/pkg/sentry/syscalls/linux/vfs2/mmap.go
@@ -22,7 +22,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/fsimpl/tmpfs"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/memmap"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Mmap implements Linux syscall mmap(2).
@@ -71,13 +70,13 @@ func Mmap(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
// Convert the passed FD to a file reference.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// mmap unconditionally requires that the FD is readable.
if !file.IsReadable() {
- return 0, nil, syserror.EACCES
+ return 0, nil, linuxerr.EACCES
}
// MAP_SHARED requires that the FD be writable for PROT_WRITE.
if shared && !file.IsWritable() {
diff --git a/pkg/sentry/syscalls/linux/vfs2/mount.go b/pkg/sentry/syscalls/linux/vfs2/mount.go
index 667e48744..4d73d46ef 100644
--- a/pkg/sentry/syscalls/linux/vfs2/mount.go
+++ b/pkg/sentry/syscalls/linux/vfs2/mount.go
@@ -21,7 +21,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/vfs"
- "gvisor.dev/gvisor/pkg/syserror"
)
// Mount implements Linux syscall mount(2).
@@ -69,7 +68,7 @@ func Mount(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
// namespace.
creds := t.Credentials()
if !creds.HasCapabilityIn(linux.CAP_SYS_ADMIN, t.MountNamespaceVFS2().Owner) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
const unsupportedOps = linux.MS_REMOUNT | linux.MS_BIND |
@@ -125,7 +124,7 @@ func Umount2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Currently, this is always the init task's user namespace.
creds := t.Credentials()
if !creds.HasCapabilityIn(linux.CAP_SYS_ADMIN, t.MountNamespaceVFS2().Owner) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
const unsupported = linux.MNT_FORCE | linux.MNT_EXPIRE
diff --git a/pkg/sentry/syscalls/linux/vfs2/path.go b/pkg/sentry/syscalls/linux/vfs2/path.go
index 2aaf1ed74..2bb783a85 100644
--- a/pkg/sentry/syscalls/linux/vfs2/path.go
+++ b/pkg/sentry/syscalls/linux/vfs2/path.go
@@ -16,12 +16,12 @@ package vfs2
import (
"gvisor.dev/gvisor/pkg/abi/linux"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/fspath"
+ "gvisor.dev/gvisor/pkg/hostarch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/sentry/vfs"
"gvisor.dev/gvisor/pkg/syserror"
-
- "gvisor.dev/gvisor/pkg/hostarch"
)
func copyInPath(t *kernel.Task, addr hostarch.Addr) (fspath.Path, error) {
@@ -53,7 +53,7 @@ func getTaskPathOperation(t *kernel.Task, dirfd int32, path fspath.Path, shouldA
dirfile := t.GetFileVFS2(dirfd)
if dirfile == nil {
root.DecRef(t)
- return taskPathOperation{}, syserror.EBADF
+ return taskPathOperation{}, linuxerr.EBADF
}
start = dirfile.VirtualDentry()
start.IncRef()
diff --git a/pkg/sentry/syscalls/linux/vfs2/poll.go b/pkg/sentry/syscalls/linux/vfs2/poll.go
index ea95dd78c..042aa4c97 100644
--- a/pkg/sentry/syscalls/linux/vfs2/poll.go
+++ b/pkg/sentry/syscalls/linux/vfs2/poll.go
@@ -269,7 +269,7 @@ func doSelect(t *kernel.Task, nfds int, readFDs, writeFDs, exceptFDs hostarch.Ad
// OK. Linux is racy in the same way.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/read_write.go b/pkg/sentry/syscalls/linux/vfs2/read_write.go
index 3e515f6fd..fe8aa06da 100644
--- a/pkg/sentry/syscalls/linux/vfs2/read_write.go
+++ b/pkg/sentry/syscalls/linux/vfs2/read_write.go
@@ -43,7 +43,7 @@ func Read(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -74,7 +74,7 @@ func Readv(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -141,7 +141,7 @@ func Pread64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -178,7 +178,7 @@ func Preadv(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -216,7 +216,7 @@ func Preadv2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -294,7 +294,7 @@ func Write(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -325,7 +325,7 @@ func Writev(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -391,7 +391,7 @@ func Pwrite64(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -428,7 +428,7 @@ func Pwritev(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -466,7 +466,7 @@ func Pwritev2(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -561,7 +561,7 @@ func Lseek(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -577,13 +577,13 @@ func Readahead(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
// Check that the file is readable.
if !file.IsReadable() {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Check that the size is valid.
diff --git a/pkg/sentry/syscalls/linux/vfs2/setstat.go b/pkg/sentry/syscalls/linux/vfs2/setstat.go
index 0fbafd6f6..989cd75f1 100644
--- a/pkg/sentry/syscalls/linux/vfs2/setstat.go
+++ b/pkg/sentry/syscalls/linux/vfs2/setstat.go
@@ -65,7 +65,7 @@ func Fchmod(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -150,7 +150,7 @@ func Fchown(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -196,7 +196,7 @@ func Ftruncate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -222,12 +222,12 @@ func Fallocate(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
if !file.IsWritable() {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
if mode != 0 {
return 0, nil, syserror.ENOTSUP
@@ -440,7 +440,7 @@ func setstatat(t *kernel.Task, dirfd int32, path fspath.Path, shouldAllowEmptyPa
} else {
dirfile := t.GetFileVFS2(dirfd)
if dirfile == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
if !path.HasComponents() {
// Use FileDescription.SetStat() instead of
diff --git a/pkg/sentry/syscalls/linux/vfs2/signal.go b/pkg/sentry/syscalls/linux/vfs2/signal.go
index 8b219cba7..27fb2139b 100644
--- a/pkg/sentry/syscalls/linux/vfs2/signal.go
+++ b/pkg/sentry/syscalls/linux/vfs2/signal.go
@@ -22,7 +22,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/fsimpl/signalfd"
"gvisor.dev/gvisor/pkg/sentry/kernel"
slinux "gvisor.dev/gvisor/pkg/sentry/syscalls/linux"
- "gvisor.dev/gvisor/pkg/syserror"
)
// sharedSignalfd is shared between the two calls.
@@ -44,7 +43,7 @@ func sharedSignalfd(t *kernel.Task, fd int32, sigset hostarch.Addr, sigsetsize u
if fd != -1 {
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/socket.go b/pkg/sentry/syscalls/linux/vfs2/socket.go
index c78c7d951..ee6e07a80 100644
--- a/pkg/sentry/syscalls/linux/vfs2/socket.go
+++ b/pkg/sentry/syscalls/linux/vfs2/socket.go
@@ -257,7 +257,7 @@ func Connect(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -288,7 +288,7 @@ func accept(t *kernel.Task, fd int32, addr hostarch.Addr, addrLen hostarch.Addr,
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -347,7 +347,7 @@ func Bind(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallC
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -374,7 +374,7 @@ func Listen(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -412,7 +412,7 @@ func Shutdown(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -443,7 +443,7 @@ func GetSockOpt(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -524,7 +524,7 @@ func SetSockOpt(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -562,7 +562,7 @@ func GetSockName(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -590,7 +590,7 @@ func GetPeerName(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.S
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -623,7 +623,7 @@ func RecvMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -680,7 +680,7 @@ func RecvMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -845,7 +845,7 @@ func recvFrom(t *kernel.Task, fd int32, bufPtr hostarch.Addr, bufLen uint64, fla
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -918,7 +918,7 @@ func SendMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysca
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -960,7 +960,7 @@ func SendMMsg(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -1084,7 +1084,7 @@ func sendTo(t *kernel.Task, fd int32, bufPtr hostarch.Addr, bufLen uint64, flags
// Get socket from the file descriptor.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/splice.go b/pkg/sentry/syscalls/linux/vfs2/splice.go
index 6ddc72999..7a8aef5d4 100644
--- a/pkg/sentry/syscalls/linux/vfs2/splice.go
+++ b/pkg/sentry/syscalls/linux/vfs2/splice.go
@@ -58,18 +58,18 @@ func Splice(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
// Get file descriptions.
inFile := t.GetFileVFS2(inFD)
if inFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer inFile.DecRef(t)
outFile := t.GetFileVFS2(outFD)
if outFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer outFile.DecRef(t)
// Check that both files support the required directionality.
if !inFile.IsReadable() || !outFile.IsWritable() {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// The operation is non-blocking if anything is non-blocking.
@@ -201,18 +201,18 @@ func Tee(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallCo
// Get file descriptions.
inFile := t.GetFileVFS2(inFD)
if inFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer inFile.DecRef(t)
outFile := t.GetFileVFS2(outFD)
if outFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer outFile.DecRef(t)
// Check that both files support the required directionality.
if !inFile.IsReadable() || !outFile.IsWritable() {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// The operation is non-blocking if anything is non-blocking.
@@ -271,20 +271,20 @@ func Sendfile(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sysc
inFile := t.GetFileVFS2(inFD)
if inFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer inFile.DecRef(t)
if !inFile.IsReadable() {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
outFile := t.GetFileVFS2(outFD)
if outFile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer outFile.DecRef(t)
if !outFile.IsWritable() {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
// Verify that the outFile Append flag is not set.
diff --git a/pkg/sentry/syscalls/linux/vfs2/stat.go b/pkg/sentry/syscalls/linux/vfs2/stat.go
index 8a22ed8a5..ba1d30823 100644
--- a/pkg/sentry/syscalls/linux/vfs2/stat.go
+++ b/pkg/sentry/syscalls/linux/vfs2/stat.go
@@ -78,7 +78,7 @@ func fstatat(t *kernel.Task, dirfd int32, pathAddr, statAddr hostarch.Addr, flag
} else {
dirfile := t.GetFileVFS2(dirfd)
if dirfile == nil {
- return syserror.EBADF
+ return linuxerr.EBADF
}
if !path.HasComponents() {
// Use FileDescription.Stat() instead of
@@ -131,7 +131,7 @@ func Fstat(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -190,7 +190,7 @@ func Statx(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
} else {
dirfile := t.GetFileVFS2(dirfd)
if dirfile == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
if !path.HasComponents() {
// Use FileDescription.Stat() instead of
diff --git a/pkg/sentry/syscalls/linux/vfs2/sync.go b/pkg/sentry/syscalls/linux/vfs2/sync.go
index 9344a81ce..d0ffc7c32 100644
--- a/pkg/sentry/syscalls/linux/vfs2/sync.go
+++ b/pkg/sentry/syscalls/linux/vfs2/sync.go
@@ -33,12 +33,12 @@ func Syncfs(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscal
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
if file.StatusFlags()&linux.O_PATH != 0 {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
return 0, nil, file.SyncFS(t)
@@ -50,7 +50,7 @@ func Fsync(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Syscall
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -80,7 +80,7 @@ func SyncFileRange(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/timerfd.go b/pkg/sentry/syscalls/linux/vfs2/timerfd.go
index 0794330c6..b8f96a757 100644
--- a/pkg/sentry/syscalls/linux/vfs2/timerfd.go
+++ b/pkg/sentry/syscalls/linux/vfs2/timerfd.go
@@ -21,7 +21,6 @@ import (
"gvisor.dev/gvisor/pkg/sentry/fsimpl/timerfd"
"gvisor.dev/gvisor/pkg/sentry/kernel"
ktime "gvisor.dev/gvisor/pkg/sentry/kernel/time"
- "gvisor.dev/gvisor/pkg/syserror"
)
// TimerfdCreate implements Linux syscall timerfd_create(2).
@@ -78,7 +77,7 @@ func TimerfdSettime(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kerne
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -112,7 +111,7 @@ func TimerfdGettime(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kerne
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/linux/vfs2/xattr.go b/pkg/sentry/syscalls/linux/vfs2/xattr.go
index 33209a8d0..0f54529bc 100644
--- a/pkg/sentry/syscalls/linux/vfs2/xattr.go
+++ b/pkg/sentry/syscalls/linux/vfs2/xattr.go
@@ -72,7 +72,7 @@ func Flistxattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sy
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -141,7 +141,7 @@ func Fgetxattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -222,7 +222,7 @@ func Fsetxattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.Sys
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
@@ -281,7 +281,7 @@ func Fremovexattr(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.
file := t.GetFileVFS2(fd)
if file == nil {
- return 0, nil, syserror.EBADF
+ return 0, nil, linuxerr.EBADF
}
defer file.DecRef(t)
diff --git a/pkg/sentry/syscalls/syscalls.go b/pkg/sentry/syscalls/syscalls.go
index f88055676..511fb8b28 100644
--- a/pkg/sentry/syscalls/syscalls.go
+++ b/pkg/sentry/syscalls/syscalls.go
@@ -28,6 +28,7 @@ import (
"fmt"
"gvisor.dev/gvisor/pkg/abi/linux"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel"
"gvisor.dev/gvisor/pkg/syserror"
@@ -99,13 +100,13 @@ func CapError(name string, c linux.Capability, note string, urls []string) kerne
Name: name,
Fn: func(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) {
if !t.HasCapability(c) {
- return 0, nil, syserror.EPERM
+ return 0, nil, linuxerr.EPERM
}
t.Kernel().EmitUnimplementedEvent(t)
return 0, nil, syserror.ENOSYS
},
SupportLevel: kernel.SupportUnimplemented,
- Note: fmt.Sprintf("%sReturns %q if the process does not have %s; %q otherwise.", note, syserror.EPERM, c.String(), syserror.ENOSYS),
+ Note: fmt.Sprintf("%sReturns %q if the process does not have %s; %q otherwise.", note, linuxerr.EPERM, c.String(), syserror.ENOSYS),
URLs: urls,
}
}
diff --git a/pkg/sentry/vfs/anonfs.go b/pkg/sentry/vfs/anonfs.go
index 8b3612200..bb8c26e46 100644
--- a/pkg/sentry/vfs/anonfs.go
+++ b/pkg/sentry/vfs/anonfs.go
@@ -133,7 +133,7 @@ func (fs *anonFilesystem) LinkAt(ctx context.Context, rp *ResolvingPath, vd Virt
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// MkdirAt implements FilesystemImpl.MkdirAt.
@@ -141,7 +141,7 @@ func (fs *anonFilesystem) MkdirAt(ctx context.Context, rp *ResolvingPath, opts M
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// MknodAt implements FilesystemImpl.MknodAt.
@@ -149,7 +149,7 @@ func (fs *anonFilesystem) MknodAt(ctx context.Context, rp *ResolvingPath, opts M
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// OpenAt implements FilesystemImpl.OpenAt.
@@ -173,7 +173,7 @@ func (fs *anonFilesystem) RenameAt(ctx context.Context, rp *ResolvingPath, oldPa
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// RmdirAt implements FilesystemImpl.RmdirAt.
@@ -181,7 +181,7 @@ func (fs *anonFilesystem) RmdirAt(ctx context.Context, rp *ResolvingPath) error
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// SetStatAt implements FilesystemImpl.SetStatAt.
@@ -232,7 +232,7 @@ func (fs *anonFilesystem) SymlinkAt(ctx context.Context, rp *ResolvingPath, targ
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// UnlinkAt implements FilesystemImpl.UnlinkAt.
@@ -240,7 +240,7 @@ func (fs *anonFilesystem) UnlinkAt(ctx context.Context, rp *ResolvingPath) error
if !rp.Final() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// BoundEndpointAt implements FilesystemImpl.BoundEndpointAt.
@@ -275,7 +275,7 @@ func (fs *anonFilesystem) SetXattrAt(ctx context.Context, rp *ResolvingPath, opt
if !rp.Done() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// RemoveXattrAt implements FilesystemImpl.RemoveXattrAt.
@@ -283,7 +283,7 @@ func (fs *anonFilesystem) RemoveXattrAt(ctx context.Context, rp *ResolvingPath,
if !rp.Done() {
return syserror.ENOTDIR
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// PrependPath implements FilesystemImpl.PrependPath.
diff --git a/pkg/sentry/vfs/file_description.go b/pkg/sentry/vfs/file_description.go
index 63ee0aab3..6ded82baf 100644
--- a/pkg/sentry/vfs/file_description.go
+++ b/pkg/sentry/vfs/file_description.go
@@ -253,7 +253,7 @@ func (fd *FileDescription) SetStatusFlags(ctx context.Context, creds *auth.Crede
return err
}
if (stat.AttributesMask&linux.STATX_ATTR_APPEND != 0) && (stat.Attributes&linux.STATX_ATTR_APPEND != 0) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
if (flags&linux.O_NOATIME != 0) && (oldFlags&linux.O_NOATIME == 0) {
@@ -267,10 +267,10 @@ func (fd *FileDescription) SetStatusFlags(ctx context.Context, creds *auth.Crede
return err
}
if stat.Mask&linux.STATX_UID == 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if !CanActAsOwner(creds, auth.KUID(stat.UID)) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
if flags&linux.O_DIRECT != 0 && !fd.opts.AllowDirectIO {
@@ -568,7 +568,7 @@ func (fd *FileDescription) StatFS(ctx context.Context) (linux.Statfs, error) {
// Allocate grows file represented by FileDescription to offset + length bytes.
func (fd *FileDescription) Allocate(ctx context.Context, mode, offset, length uint64) error {
if !fd.IsWritable() {
- return syserror.EBADF
+ return linuxerr.EBADF
}
if err := fd.impl.Allocate(ctx, mode, offset, length); err != nil {
return err
@@ -606,7 +606,7 @@ func (fd *FileDescription) PRead(ctx context.Context, dst usermem.IOSequence, of
return 0, syserror.ESPIPE
}
if !fd.readable {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
start := fsmetric.StartReadWait()
n, err := fd.impl.PRead(ctx, dst, offset, opts)
@@ -621,7 +621,7 @@ func (fd *FileDescription) PRead(ctx context.Context, dst usermem.IOSequence, of
// Read is similar to PRead, but does not specify an offset.
func (fd *FileDescription) Read(ctx context.Context, dst usermem.IOSequence, opts ReadOptions) (int64, error) {
if !fd.readable {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
start := fsmetric.StartReadWait()
n, err := fd.impl.Read(ctx, dst, opts)
@@ -641,7 +641,7 @@ func (fd *FileDescription) PWrite(ctx context.Context, src usermem.IOSequence, o
return 0, syserror.ESPIPE
}
if !fd.writable {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
n, err := fd.impl.PWrite(ctx, src, offset, opts)
if n > 0 {
@@ -653,7 +653,7 @@ func (fd *FileDescription) PWrite(ctx context.Context, src usermem.IOSequence, o
// Write is similar to PWrite, but does not specify an offset.
func (fd *FileDescription) Write(ctx context.Context, src usermem.IOSequence, opts WriteOptions) (int64, error) {
if !fd.writable {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
n, err := fd.impl.Write(ctx, src, opts)
if n > 0 {
diff --git a/pkg/sentry/vfs/file_description_impl_util.go b/pkg/sentry/vfs/file_description_impl_util.go
index cffb46aab..c947d0c6c 100644
--- a/pkg/sentry/vfs/file_description_impl_util.go
+++ b/pkg/sentry/vfs/file_description_impl_util.go
@@ -504,25 +504,25 @@ func (BadLockFD) SupportsLocks() bool {
// LockBSD implements FileDescriptionImpl.LockBSD.
func (BadLockFD) LockBSD(ctx context.Context, uid fslock.UniqueID, ownerPID int32, t fslock.LockType, block fslock.Blocker) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// UnlockBSD implements FileDescriptionImpl.UnlockBSD.
func (BadLockFD) UnlockBSD(ctx context.Context, uid fslock.UniqueID) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// LockPOSIX implements FileDescriptionImpl.LockPOSIX.
func (BadLockFD) LockPOSIX(ctx context.Context, uid fslock.UniqueID, ownerPID int32, t fslock.LockType, r fslock.LockRange, block fslock.Blocker) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// UnlockPOSIX implements FileDescriptionImpl.UnlockPOSIX.
func (BadLockFD) UnlockPOSIX(ctx context.Context, uid fslock.UniqueID, r fslock.LockRange) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// TestPOSIX implements FileDescriptionImpl.TestPOSIX.
func (BadLockFD) TestPOSIX(ctx context.Context, uid fslock.UniqueID, t fslock.LockType, r fslock.LockRange) (linux.Flock, error) {
- return linux.Flock{}, syserror.EBADF
+ return linux.Flock{}, linuxerr.EBADF
}
diff --git a/pkg/sentry/vfs/inotify.go b/pkg/sentry/vfs/inotify.go
index a7655bbb5..ebbbda697 100644
--- a/pkg/sentry/vfs/inotify.go
+++ b/pkg/sentry/vfs/inotify.go
@@ -195,7 +195,7 @@ func (*Inotify) PWrite(ctx context.Context, src usermem.IOSequence, offset int64
// Write implements FileDescriptionImpl.Write.
func (*Inotify) Write(ctx context.Context, src usermem.IOSequence, opts WriteOptions) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// Read implements FileDescriptionImpl.Read.
@@ -333,7 +333,7 @@ func (i *Inotify) AddWatch(target *Dentry, mask uint32) (int32, error) {
if ws == nil {
// While Linux supports inotify watches on all filesystem types, watches on
// filesystems like kernfs are not generally useful, so we do not.
- return 0, syserror.EPERM
+ return 0, linuxerr.EPERM
}
// Does the target already have a watch from this inotify instance?
if existing := ws.Lookup(i.id); existing != nil {
diff --git a/pkg/sentry/vfs/mount.go b/pkg/sentry/vfs/mount.go
index 03857dfc8..ceb1e5fff 100644
--- a/pkg/sentry/vfs/mount.go
+++ b/pkg/sentry/vfs/mount.go
@@ -293,7 +293,7 @@ func (vfs *VirtualFilesystem) UmountAt(ctx context.Context, creds *auth.Credenti
// namespace, and not in the owner user namespace for the target mount. See
// fs/namespace.c:SYSCALL_DEFINE2(umount, ...)
if opts.Flags&linux.MNT_FORCE != 0 && creds.HasCapabilityIn(linux.CAP_SYS_ADMIN, creds.UserNamespace.Root()) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
vd, err := vfs.GetDentryAt(ctx, creds, pop, &GetDentryOptions{})
diff --git a/pkg/sentry/vfs/opath.go b/pkg/sentry/vfs/opath.go
index e9651b631..da0b33b79 100644
--- a/pkg/sentry/vfs/opath.go
+++ b/pkg/sentry/vfs/opath.go
@@ -17,10 +17,10 @@ package vfs
import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/arch"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/memmap"
- "gvisor.dev/gvisor/pkg/syserror"
"gvisor.dev/gvisor/pkg/usermem"
)
@@ -40,77 +40,77 @@ func (fd *opathFD) Release(context.Context) {
// Allocate implements FileDescriptionImpl.Allocate.
func (fd *opathFD) Allocate(ctx context.Context, mode, offset, length uint64) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// PRead implements FileDescriptionImpl.PRead.
func (fd *opathFD) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, opts ReadOptions) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// Read implements FileDescriptionImpl.Read.
func (fd *opathFD) Read(ctx context.Context, dst usermem.IOSequence, opts ReadOptions) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// PWrite implements FileDescriptionImpl.PWrite.
func (fd *opathFD) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, opts WriteOptions) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// Write implements FileDescriptionImpl.Write.
func (fd *opathFD) Write(ctx context.Context, src usermem.IOSequence, opts WriteOptions) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// Ioctl implements FileDescriptionImpl.Ioctl.
func (fd *opathFD) Ioctl(ctx context.Context, uio usermem.IO, args arch.SyscallArguments) (uintptr, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// IterDirents implements FileDescriptionImpl.IterDirents.
func (fd *opathFD) IterDirents(ctx context.Context, cb IterDirentsCallback) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// Seek implements FileDescriptionImpl.Seek.
func (fd *opathFD) Seek(ctx context.Context, offset int64, whence int32) (int64, error) {
- return 0, syserror.EBADF
+ return 0, linuxerr.EBADF
}
// ConfigureMMap implements FileDescriptionImpl.ConfigureMMap.
func (fd *opathFD) ConfigureMMap(ctx context.Context, opts *memmap.MMapOpts) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// ListXattr implements FileDescriptionImpl.ListXattr.
func (fd *opathFD) ListXattr(ctx context.Context, size uint64) ([]string, error) {
- return nil, syserror.EBADF
+ return nil, linuxerr.EBADF
}
// GetXattr implements FileDescriptionImpl.GetXattr.
func (fd *opathFD) GetXattr(ctx context.Context, opts GetXattrOptions) (string, error) {
- return "", syserror.EBADF
+ return "", linuxerr.EBADF
}
// SetXattr implements FileDescriptionImpl.SetXattr.
func (fd *opathFD) SetXattr(ctx context.Context, opts SetXattrOptions) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// RemoveXattr implements FileDescriptionImpl.RemoveXattr.
func (fd *opathFD) RemoveXattr(ctx context.Context, name string) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// Sync implements FileDescriptionImpl.Sync.
func (fd *opathFD) Sync(ctx context.Context) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// SetStat implements FileDescriptionImpl.SetStat.
func (fd *opathFD) SetStat(ctx context.Context, opts SetStatOptions) error {
- return syserror.EBADF
+ return linuxerr.EBADF
}
// Stat implements FileDescriptionImpl.Stat.
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go
index b7704874f..22abdd5b8 100644
--- a/pkg/sentry/vfs/permissions.go
+++ b/pkg/sentry/vfs/permissions.go
@@ -20,6 +20,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/limits"
"gvisor.dev/gvisor/pkg/syserror"
@@ -77,7 +78,7 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, mode linu
// the caller's user namespace; compare
// kernel/capability.c:privileged_wrt_inode_uidgid().
if !kuid.In(creds.UserNamespace).Ok() || !kgid.In(creds.UserNamespace).Ok() {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// CAP_DAC_READ_SEARCH allows the caller to read and search arbitrary
// directories, and read arbitrary non-directory files.
@@ -94,7 +95,7 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, mode linu
return nil
}
}
- return syserror.EACCES
+ return linuxerr.EACCES
}
// MayLink determines whether creating a hard link to a file with the given
@@ -110,12 +111,12 @@ func MayLink(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, kgid
// Only regular files can be hard linked.
if mode.FileType() != linux.S_IFREG {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Setuid files should not get pinned to the filesystem.
if mode&linux.S_ISUID != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Executable setgid files should not get pinned to the filesystem, but we
@@ -123,7 +124,7 @@ func MayLink(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, kgid
// Hardlinking to unreadable or unwritable sources is dangerous.
if err := GenericCheckPermissions(creds, MayRead|MayWrite, mode, kuid, kgid); err != nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return nil
}
@@ -199,7 +200,7 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
}
if stat.Mask&linux.STATX_MODE != 0 {
if !CanActAsOwner(creds, kuid) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// TODO(b/30815691): "If the calling process is not privileged (Linux:
// does not have the CAP_FSETID capability), and the group of the file
@@ -210,13 +211,13 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
if stat.Mask&linux.STATX_UID != 0 {
if !((creds.EffectiveKUID == kuid && auth.KUID(stat.UID) == kuid) ||
HasCapabilityOnFile(creds, linux.CAP_CHOWN, kuid, kgid)) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
if stat.Mask&linux.STATX_GID != 0 {
if !((creds.EffectiveKUID == kuid && creds.InGroup(auth.KGID(stat.GID))) ||
HasCapabilityOnFile(creds, linux.CAP_CHOWN, kuid, kgid)) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
if opts.NeedWritePerm && !creds.HasCapability(linux.CAP_DAC_OVERRIDE) {
@@ -229,7 +230,7 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
if (stat.Mask&linux.STATX_ATIME != 0 && stat.Atime.Nsec != linux.UTIME_NOW) ||
(stat.Mask&linux.STATX_MTIME != 0 && stat.Mtime.Nsec != linux.UTIME_NOW) ||
(stat.Mask&linux.STATX_CTIME != 0 && stat.Ctime.Nsec != linux.UTIME_NOW) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := GenericCheckPermissions(creds, MayWrite, mode, kuid, kgid); err != nil {
return err
@@ -252,7 +253,7 @@ func CheckDeleteSticky(creds *auth.Credentials, parentMode linux.FileMode, paren
HasCapabilityOnFile(creds, linux.CAP_FOWNER, childKUID, childKGID) {
return nil
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// CanActAsOwner returns true if creds can act as the owner of a file with the
@@ -306,7 +307,7 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux.
return nil
}
if ats.MayWrite() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return syserror.ENODATA
case strings.HasPrefix(name, linux.XATTR_USER_PREFIX):
@@ -316,12 +317,12 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux.
filetype := mode.FileType()
if filetype != linux.ModeRegular && filetype != linux.ModeDirectory {
if ats.MayWrite() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return syserror.ENODATA
}
if filetype == linux.ModeDirectory && mode&linux.ModeSticky != 0 && ats.MayWrite() && !CanActAsOwner(creds, kuid) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
return nil
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index f2aabb905..0e94be174 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -449,7 +449,7 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
if opts.FileExec {
if fd.Mount().Flags.NoExec {
fd.DecRef(ctx)
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
// Only a regular file can be executed.
@@ -460,7 +460,7 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
}
if stat.Mask&linux.STATX_TYPE == 0 || stat.Mode&linux.S_IFMT != linux.S_IFREG {
fd.DecRef(ctx)
- return nil, syserror.EACCES
+ return nil, linuxerr.EACCES
}
}
diff --git a/pkg/syserror/syserror.go b/pkg/syserror/syserror.go
index 721f62903..ada694f5d 100644
--- a/pkg/syserror/syserror.go
+++ b/pkg/syserror/syserror.go
@@ -26,9 +26,7 @@ import (
// The following variables have the same meaning as their syscall equivalent.
var (
- EACCES = error(unix.EACCES)
EAGAIN = error(unix.EAGAIN)
- EBADF = error(unix.EBADF)
EBADFD = error(unix.EBADFD)
EBUSY = error(unix.EBUSY)
ECHILD = error(unix.ECHILD)
@@ -69,7 +67,6 @@ var (
ENXIO = error(unix.ENXIO)
EOPNOTSUPP = error(unix.EOPNOTSUPP)
EOVERFLOW = error(unix.EOVERFLOW)
- EPERM = error(unix.EPERM)
EPIPE = error(unix.EPIPE)
ERANGE = error(unix.ERANGE)
EREMOTE = error(unix.EREMOTE)
diff --git a/pkg/tcpip/link/tun/device.go b/pkg/tcpip/link/tun/device.go
index 59ac5cb8c..f3444e8b5 100644
--- a/pkg/tcpip/link/tun/device.go
+++ b/pkg/tcpip/link/tun/device.go
@@ -171,7 +171,7 @@ func (d *Device) Write(data []byte) (int64, error) {
endpoint := d.endpoint
d.mu.RUnlock()
if endpoint == nil {
- return 0, syserror.EBADFD
+ return 0, linuxerr.EBADFD
}
if !endpoint.IsAttached() {
return 0, syserror.EIO
@@ -243,7 +243,7 @@ func (d *Device) Read() ([]byte, error) {
endpoint := d.endpoint
d.mu.RUnlock()
if endpoint == nil {
- return nil, syserror.EBADFD
+ return nil, linuxerr.EBADFD
}
for {