[vfs] Make sticky bit check consistent with Linux.

Our implementation of vfs.CheckDeleteSticky was not consistent with Linux,
specifically not consistent with fs/linux.h:check_sticky().

One of the biggest differences was that the vfs implementation did not
allow the owner of the sticky directory to delete files inside it that belonged
to other users.

This change makes our implementation consistent with Linux.

Also adds an integration test to check for this. This bug is also present in
VFS1.

Updates #3027

PiperOrigin-RevId: 355557425

1 files changed, 14 insertions, 0 deletions

diff --git a/test/e2e/integration_test.go b/test/e2e/integration_test.go
index aaffabfd0..a180f5ac5 100644
--- a/test/e2e/integration_test.go
+++ b/test/e2e/integration_test.go
@@ -487,6 +487,20 @@ func TestPing6Loopback(t *testing.T) {
 	runIntegrationTest(t, []string{"NET_ADMIN"}, "./ping6.sh")
 }
 
+// This test checks that the owner of the sticky directory can delete files
+// inside it belonging to other users. It also checks that the owner of a file
+// can always delete its file when the file is inside a sticky directory owned
+// by another user.
+func TestStickyDir(t *testing.T) {
+	if vfs2Used, err := dockerutil.UsingVFS2(); err != nil {
+		t.Fatalf("failed to read config for runtime %s: %v", dockerutil.Runtime(), err)
+	} else if !vfs2Used {
+		t.Skip("sticky bit test fails on VFS1.")
+	}
+
+	runIntegrationTest(t, nil, "sh", "-c", "gcc -O2 -o test_sticky test_sticky.c && ./test_sticky")
+}
+
 func runIntegrationTest(t *testing.T, capAdd []string, args ...string) {
 	ctx := context.Background()
 	d := dockerutil.MakeContainer(ctx, t)