summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/vfs/resolving_path.go57
-rw-r--r--pkg/sentry/vfs/vfs.go1
-rw-r--r--pkg/sentry/vfs/vfs_state_autogen.go40
3 files changed, 24 insertions, 74 deletions
diff --git a/pkg/sentry/vfs/resolving_path.go b/pkg/sentry/vfs/resolving_path.go
index 634c8b097..97b898aba 100644
--- a/pkg/sentry/vfs/resolving_path.go
+++ b/pkg/sentry/vfs/resolving_path.go
@@ -44,13 +44,10 @@ type ResolvingPath struct {
start *Dentry
pit fspath.Iterator
- flags uint16
- mustBeDir bool // final file must be a directory?
- mustBeDirOrig bool
- symlinks uint8 // number of symlinks traversed
- symlinksOrig uint8
- curPart uint8 // index into parts
- numOrigParts uint8
+ flags uint16
+ mustBeDir bool // final file must be a directory?
+ symlinks uint8 // number of symlinks traversed
+ curPart uint8 // index into parts
creds *auth.Credentials
@@ -60,14 +57,9 @@ type ResolvingPath struct {
nextStart *Dentry // ref held if not nil
absSymlinkTarget fspath.Path
- // ResolvingPath must track up to two relative paths: the "current"
- // relative path, which is updated whenever a relative symlink is
- // encountered, and the "original" relative path, which is updated from the
- // current relative path by handleError() when resolution must change
- // filesystems (due to reaching a mount boundary or absolute symlink) and
- // overwrites the current relative path when Restart() is called.
- parts [1 + linux.MaxSymlinkTraversals]fspath.Iterator
- origParts [1 + linux.MaxSymlinkTraversals]fspath.Iterator
+ // ResolvingPath tracks relative paths, which is updated whenever a relative
+ // symlink is encountered.
+ parts [1 + linux.MaxSymlinkTraversals]fspath.Iterator
}
const (
@@ -134,13 +126,10 @@ func (vfs *VirtualFilesystem) getResolvingPath(creds *auth.Credentials, pop *Pat
rp.flags |= rpflagsFollowFinalSymlink
}
rp.mustBeDir = pop.Path.Dir
- rp.mustBeDirOrig = pop.Path.Dir
rp.symlinks = 0
rp.curPart = 0
- rp.numOrigParts = 1
rp.creds = creds
rp.parts[0] = pop.Path.Begin
- rp.origParts[0] = pop.Path.Begin
return rp
}
@@ -265,25 +254,6 @@ func (rp *ResolvingPath) Advance() {
}
}
-// Restart resets the stream of path components represented by rp to its state
-// on entry to the current FilesystemImpl method.
-func (rp *ResolvingPath) Restart(ctx context.Context) {
- rp.pit = rp.origParts[rp.numOrigParts-1]
- rp.mustBeDir = rp.mustBeDirOrig
- rp.symlinks = rp.symlinksOrig
- rp.curPart = rp.numOrigParts - 1
- copy(rp.parts[:], rp.origParts[:rp.numOrigParts])
- rp.releaseErrorState(ctx)
-}
-
-func (rp *ResolvingPath) relpathCommit() {
- rp.mustBeDirOrig = rp.mustBeDir
- rp.symlinksOrig = rp.symlinks
- rp.numOrigParts = rp.curPart + 1
- copy(rp.origParts[:rp.curPart], rp.parts[:])
- rp.origParts[rp.curPart] = rp.pit
-}
-
// CheckRoot is called before resolving the parent of the Dentry d. If the
// Dentry is contextually a VFS root, such that path resolution should treat
// d's parent as itself, CheckRoot returns (true, nil). If the Dentry is the
@@ -430,11 +400,10 @@ func (rp *ResolvingPath) handleError(ctx context.Context, err error) bool {
rp.flags |= rpflagsHaveMountRef | rpflagsHaveStartRef
rp.nextMount = nil
rp.nextStart = nil
- // Commit the previous FileystemImpl's progress through the relative
- // path. (Don't consume the path component that caused us to traverse
+ // Don't consume the path component that caused us to traverse
// through the mount root - i.e. the ".." - because we still need to
- // resolve the mount point's parent in the new FilesystemImpl.)
- rp.relpathCommit()
+ // resolve the mount point's parent in the new FilesystemImpl.
+ //
// Restart path resolution on the new Mount. Don't bother calling
// rp.releaseErrorState() since we already set nextMount and nextStart
// to nil above.
@@ -450,9 +419,6 @@ func (rp *ResolvingPath) handleError(ctx context.Context, err error) bool {
rp.nextMount = nil
// Consume the path component that represented the mount point.
rp.Advance()
- // Commit the previous FilesystemImpl's progress through the relative
- // path.
- rp.relpathCommit()
// Restart path resolution on the new Mount.
rp.releaseErrorState(ctx)
return true
@@ -467,9 +433,6 @@ func (rp *ResolvingPath) handleError(ctx context.Context, err error) bool {
rp.Advance()
// Prepend the symlink target to the relative path.
rp.relpathPrepend(rp.absSymlinkTarget)
- // Commit the previous FilesystemImpl's progress through the relative
- // path, including the symlink target we just prepended.
- rp.relpathCommit()
// Restart path resolution on the new Mount.
rp.releaseErrorState(ctx)
return true
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 8b392232a..87fdcf403 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -425,7 +425,6 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
rp := vfs.getResolvingPath(creds, pop)
if opts.Flags&linux.O_DIRECTORY != 0 {
rp.mustBeDir = true
- rp.mustBeDirOrig = true
}
// Ignore O_PATH for verity, as verity performs extra operations on the fd for verification.
// The underlying filesystem that verity wraps opens the fd with O_PATH.
diff --git a/pkg/sentry/vfs/vfs_state_autogen.go b/pkg/sentry/vfs/vfs_state_autogen.go
index 206d55ee3..16f85d9d3 100644
--- a/pkg/sentry/vfs/vfs_state_autogen.go
+++ b/pkg/sentry/vfs/vfs_state_autogen.go
@@ -1733,17 +1733,13 @@ func (rp *ResolvingPath) StateFields() []string {
"pit",
"flags",
"mustBeDir",
- "mustBeDirOrig",
"symlinks",
- "symlinksOrig",
"curPart",
- "numOrigParts",
"creds",
"nextMount",
"nextStart",
"absSymlinkTarget",
"parts",
- "origParts",
}
}
@@ -1759,17 +1755,13 @@ func (rp *ResolvingPath) StateSave(stateSinkObject state.Sink) {
stateSinkObject.Save(4, &rp.pit)
stateSinkObject.Save(5, &rp.flags)
stateSinkObject.Save(6, &rp.mustBeDir)
- stateSinkObject.Save(7, &rp.mustBeDirOrig)
- stateSinkObject.Save(8, &rp.symlinks)
- stateSinkObject.Save(9, &rp.symlinksOrig)
- stateSinkObject.Save(10, &rp.curPart)
- stateSinkObject.Save(11, &rp.numOrigParts)
- stateSinkObject.Save(12, &rp.creds)
- stateSinkObject.Save(13, &rp.nextMount)
- stateSinkObject.Save(14, &rp.nextStart)
- stateSinkObject.Save(15, &rp.absSymlinkTarget)
- stateSinkObject.Save(16, &rp.parts)
- stateSinkObject.Save(17, &rp.origParts)
+ stateSinkObject.Save(7, &rp.symlinks)
+ stateSinkObject.Save(8, &rp.curPart)
+ stateSinkObject.Save(9, &rp.creds)
+ stateSinkObject.Save(10, &rp.nextMount)
+ stateSinkObject.Save(11, &rp.nextStart)
+ stateSinkObject.Save(12, &rp.absSymlinkTarget)
+ stateSinkObject.Save(13, &rp.parts)
}
func (rp *ResolvingPath) afterLoad() {}
@@ -1783,17 +1775,13 @@ func (rp *ResolvingPath) StateLoad(stateSourceObject state.Source) {
stateSourceObject.Load(4, &rp.pit)
stateSourceObject.Load(5, &rp.flags)
stateSourceObject.Load(6, &rp.mustBeDir)
- stateSourceObject.Load(7, &rp.mustBeDirOrig)
- stateSourceObject.Load(8, &rp.symlinks)
- stateSourceObject.Load(9, &rp.symlinksOrig)
- stateSourceObject.Load(10, &rp.curPart)
- stateSourceObject.Load(11, &rp.numOrigParts)
- stateSourceObject.Load(12, &rp.creds)
- stateSourceObject.Load(13, &rp.nextMount)
- stateSourceObject.Load(14, &rp.nextStart)
- stateSourceObject.Load(15, &rp.absSymlinkTarget)
- stateSourceObject.Load(16, &rp.parts)
- stateSourceObject.Load(17, &rp.origParts)
+ stateSourceObject.Load(7, &rp.symlinks)
+ stateSourceObject.Load(8, &rp.curPart)
+ stateSourceObject.Load(9, &rp.creds)
+ stateSourceObject.Load(10, &rp.nextMount)
+ stateSourceObject.Load(11, &rp.nextStart)
+ stateSourceObject.Load(12, &rp.absSymlinkTarget)
+ stateSourceObject.Load(13, &rp.parts)
}
func (r *resolveMountRootOrJumpError) StateTypeName() string {