summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/vfs/permissions.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/vfs/permissions.go')
-rw-r--r--pkg/sentry/vfs/permissions.go27
1 files changed, 14 insertions, 13 deletions
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go
index b7704874f..22abdd5b8 100644
--- a/pkg/sentry/vfs/permissions.go
+++ b/pkg/sentry/vfs/permissions.go
@@ -20,6 +20,7 @@ import (
"gvisor.dev/gvisor/pkg/abi/linux"
"gvisor.dev/gvisor/pkg/context"
+ "gvisor.dev/gvisor/pkg/errors/linuxerr"
"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
"gvisor.dev/gvisor/pkg/sentry/limits"
"gvisor.dev/gvisor/pkg/syserror"
@@ -77,7 +78,7 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, mode linu
// the caller's user namespace; compare
// kernel/capability.c:privileged_wrt_inode_uidgid().
if !kuid.In(creds.UserNamespace).Ok() || !kgid.In(creds.UserNamespace).Ok() {
- return syserror.EACCES
+ return linuxerr.EACCES
}
// CAP_DAC_READ_SEARCH allows the caller to read and search arbitrary
// directories, and read arbitrary non-directory files.
@@ -94,7 +95,7 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, mode linu
return nil
}
}
- return syserror.EACCES
+ return linuxerr.EACCES
}
// MayLink determines whether creating a hard link to a file with the given
@@ -110,12 +111,12 @@ func MayLink(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, kgid
// Only regular files can be hard linked.
if mode.FileType() != linux.S_IFREG {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Setuid files should not get pinned to the filesystem.
if mode&linux.S_ISUID != 0 {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// Executable setgid files should not get pinned to the filesystem, but we
@@ -123,7 +124,7 @@ func MayLink(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, kgid
// Hardlinking to unreadable or unwritable sources is dangerous.
if err := GenericCheckPermissions(creds, MayRead|MayWrite, mode, kuid, kgid); err != nil {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return nil
}
@@ -199,7 +200,7 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
}
if stat.Mask&linux.STATX_MODE != 0 {
if !CanActAsOwner(creds, kuid) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
// TODO(b/30815691): "If the calling process is not privileged (Linux:
// does not have the CAP_FSETID capability), and the group of the file
@@ -210,13 +211,13 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
if stat.Mask&linux.STATX_UID != 0 {
if !((creds.EffectiveKUID == kuid && auth.KUID(stat.UID) == kuid) ||
HasCapabilityOnFile(creds, linux.CAP_CHOWN, kuid, kgid)) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
if stat.Mask&linux.STATX_GID != 0 {
if !((creds.EffectiveKUID == kuid && creds.InGroup(auth.KGID(stat.GID))) ||
HasCapabilityOnFile(creds, linux.CAP_CHOWN, kuid, kgid)) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
if opts.NeedWritePerm && !creds.HasCapability(linux.CAP_DAC_OVERRIDE) {
@@ -229,7 +230,7 @@ func CheckSetStat(ctx context.Context, creds *auth.Credentials, opts *SetStatOpt
if (stat.Mask&linux.STATX_ATIME != 0 && stat.Atime.Nsec != linux.UTIME_NOW) ||
(stat.Mask&linux.STATX_MTIME != 0 && stat.Mtime.Nsec != linux.UTIME_NOW) ||
(stat.Mask&linux.STATX_CTIME != 0 && stat.Ctime.Nsec != linux.UTIME_NOW) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
if err := GenericCheckPermissions(creds, MayWrite, mode, kuid, kgid); err != nil {
return err
@@ -252,7 +253,7 @@ func CheckDeleteSticky(creds *auth.Credentials, parentMode linux.FileMode, paren
HasCapabilityOnFile(creds, linux.CAP_FOWNER, childKUID, childKGID) {
return nil
}
- return syserror.EPERM
+ return linuxerr.EPERM
}
// CanActAsOwner returns true if creds can act as the owner of a file with the
@@ -306,7 +307,7 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux.
return nil
}
if ats.MayWrite() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return syserror.ENODATA
case strings.HasPrefix(name, linux.XATTR_USER_PREFIX):
@@ -316,12 +317,12 @@ func CheckXattrPermissions(creds *auth.Credentials, ats AccessTypes, mode linux.
filetype := mode.FileType()
if filetype != linux.ModeRegular && filetype != linux.ModeDirectory {
if ats.MayWrite() {
- return syserror.EPERM
+ return linuxerr.EPERM
}
return syserror.ENODATA
}
if filetype == linux.ModeDirectory && mode&linux.ModeSticky != 0 && ats.MayWrite() && !CanActAsOwner(creds, kuid) {
- return syserror.EPERM
+ return linuxerr.EPERM
}
}
return nil
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 01:33:52 +0000