Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/fs/fsutil/dirty_set_impl.go6
-rw-r--r--pkg/sentry/fs/fsutil/file_range_set_impl.go6
-rw-r--r--pkg/sentry/fs/fsutil/frame_ref_set_impl.go6
-rw-r--r--pkg/sentry/fs/fsutil/inode.go1
-rw-r--r--pkg/sentry/fs/inode.go1
-rw-r--r--pkg/sentry/fs/lock/lock_set.go6
-rw-r--r--pkg/sentry/kernel/auth/id.go14
-rw-r--r--pkg/sentry/kernel/auth/id_map_set.go6
-rw-r--r--pkg/sentry/kernel/kernel.go4
-rw-r--r--pkg/sentry/memmap/mapping_set_impl.go6
-rw-r--r--pkg/sentry/mm/file_refcount_set.go6
-rw-r--r--pkg/sentry/mm/pma_set.go6
-rw-r--r--pkg/sentry/mm/vma_set.go6
-rw-r--r--pkg/sentry/pgalloc/evictable_range_set.go6
-rw-r--r--pkg/sentry/pgalloc/reclaim_set.go6
-rw-r--r--pkg/sentry/pgalloc/usage_set.go6
-rw-r--r--pkg/sentry/platform/ring0/kernel_amd64.go1
-rw-r--r--pkg/sentry/socket/netfilter/netfilter.go2
-rw-r--r--pkg/sentry/socket/netfilter/owner_matcher.go1
-rw-r--r--pkg/sentry/socket/unix/unix.go2
-rw-r--r--pkg/sentry/syscalls/linux/sys_sync.go1
-rw-r--r--pkg/sentry/vfs/inotify.go2
22 files changed, 58 insertions, 43 deletions
diff --git a/pkg/sentry/fs/fsutil/dirty_set_impl.go b/pkg/sentry/fs/fsutil/dirty_set_impl.go
index 9f1463389..2c6a10fc4 100644
--- a/pkg/sentry/fs/fsutil/dirty_set_impl.go
+++ b/pkg/sentry/fs/fsutil/dirty_set_impl.go
@@ -1560,8 +1560,8 @@ type DirtySegmentDataSlices struct {
Values []DirtyInfo
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *DirtySet) ExportSortedSlices() *DirtySegmentDataSlices {
var sds DirtySegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *DirtySet) ExportSortedSlices() *DirtySegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/fs/fsutil/file_range_set_impl.go b/pkg/sentry/fs/fsutil/file_range_set_impl.go
index 374ed79b7..7568fb790 100644
--- a/pkg/sentry/fs/fsutil/file_range_set_impl.go
+++ b/pkg/sentry/fs/fsutil/file_range_set_impl.go
@@ -1560,8 +1560,8 @@ type FileRangeSegmentDataSlices struct {
Values []uint64
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *FileRangeSet) ExportSortedSlices() *FileRangeSegmentDataSlices {
var sds FileRangeSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *FileRangeSet) ExportSortedSlices() *FileRangeSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/fs/fsutil/frame_ref_set_impl.go b/pkg/sentry/fs/fsutil/frame_ref_set_impl.go
index 619246875..6657addf4 100644
--- a/pkg/sentry/fs/fsutil/frame_ref_set_impl.go
+++ b/pkg/sentry/fs/fsutil/frame_ref_set_impl.go
@@ -1560,8 +1560,8 @@ type FrameRefSegmentDataSlices struct {
Values []uint64
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *FrameRefSet) ExportSortedSlices() *FrameRefSegmentDataSlices {
var sds FrameRefSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *FrameRefSet) ExportSortedSlices() *FrameRefSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/fs/fsutil/inode.go b/pkg/sentry/fs/fsutil/inode.go
index 1922ff08c..85e7e35db 100644
--- a/pkg/sentry/fs/fsutil/inode.go
+++ b/pkg/sentry/fs/fsutil/inode.go
@@ -510,6 +510,7 @@ func (InodeDenyWriteChecker) Check(ctx context.Context, inode *fs.Inode, p fs.Pe
//InodeNotAllocatable can be used by Inodes that do not support Allocate().
type InodeNotAllocatable struct{}
+// Allocate implements fs.InodeOperations.Allocate.
func (InodeNotAllocatable) Allocate(_ context.Context, _ *fs.Inode, _, _ int64) error {
return syserror.EOPNOTSUPP
}
diff --git a/pkg/sentry/fs/inode.go b/pkg/sentry/fs/inode.go
index 9b3d8166a..41a3c2047 100644
--- a/pkg/sentry/fs/inode.go
+++ b/pkg/sentry/fs/inode.go
@@ -367,6 +367,7 @@ func (i *Inode) Truncate(ctx context.Context, d *Dirent, size int64) error {
return i.InodeOperations.Truncate(ctx, i, size)
}
+// Allocate calls i.InodeOperations.Allocate with i as the Inode.
func (i *Inode) Allocate(ctx context.Context, d *Dirent, offset int64, length int64) error {
if i.overlay != nil {
return overlayAllocate(ctx, i.overlay, d, offset, length)
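Review bot: The new doc comment on Inode.Allocate describes only the InodeOperations path, but the first statement in the body returns `overlayAllocate(ctx, i.overlay, d, offset, length)` when `i.overlay` is non-nil. A reader relying on the comment would miss that overlay inodes take a different route; consider `// Allocate calls overlayAllocate if i is an overlay Inode, and i.InodeOperations.Allocate with i as the Inode otherwise.` The function body continues past the end of the hunk, so the non-overlay path is taken from the comment rather than seen here.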
diff --git a/pkg/sentry/fs/lock/lock_set.go b/pkg/sentry/fs/lock/lock_set.go
index 37c216b95..4bc830883 100644
--- a/pkg/sentry/fs/lock/lock_set.go
+++ b/pkg/sentry/fs/lock/lock_set.go
@@ -1556,8 +1556,8 @@ type LockSegmentDataSlices struct {
Values []Lock
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *LockSet) ExportSortedSlices() *LockSegmentDataSlices {
var sds LockSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1571,7 +1571,7 @@ func (s *LockSet) ExportSortedSlices() *LockSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/kernel/auth/id.go b/pkg/sentry/kernel/auth/id.go
index 4c32ee703..994486ea8 100644
--- a/pkg/sentry/kernel/auth/id.go
+++ b/pkg/sentry/kernel/auth/id.go
@@ -62,18 +62,28 @@ const (
// field is displayed as 4294967295 (-1 as an unsigned integer);" -
// user_namespaces(7)
OverflowUID = UID(65534)
+
+ // OverflowGID is the group equivalent to OverflowUID.
OverflowGID = GID(65534)
// NobodyKUID is the user ID usually reserved for the least privileged user
// "nobody".
NobodyKUID = KUID(65534)
+
+ // NobodyKGID is the group equivalent to NobodyKUID.
NobodyKGID = KGID(65534)
// RootKUID is the user ID usually used for the most privileged user "root".
RootKUID = KUID(0)
+
+ // RootKGID is the group equivalent to RootKUID.
RootKGID = KGID(0)
- RootUID = UID(0)
- RootGID = GID(0)
+
+ // RootUID is the root user.
+ RootUID = UID(0)
+
+ // RootGID is the root group.
+ RootGID = GID(0)
)
// Ok returns true if uid is not -1.
diff --git a/pkg/sentry/kernel/auth/id_map_set.go b/pkg/sentry/kernel/auth/id_map_set.go
index d8a05ce46..479753981 100644
--- a/pkg/sentry/kernel/auth/id_map_set.go
+++ b/pkg/sentry/kernel/auth/id_map_set.go
@@ -1556,8 +1556,8 @@ type idMapSegmentDataSlices struct {
Values []uint32
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *idMapSet) ExportSortedSlices() *idMapSegmentDataSlices {
var sds idMapSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1571,7 +1571,7 @@ func (s *idMapSet) ExportSortedSlices() *idMapSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
index b8627a54f..303ae8056 100644
--- a/pkg/sentry/kernel/kernel.go
+++ b/pkg/sentry/kernel/kernel.go
@@ -1433,8 +1433,8 @@ func (k *Kernel) GlobalInit() *ThreadGroup {
return k.globalInit
}
-// TestOnly_SetGlobalInit sets the thread group with ID 1 in the root PID namespace.
-func (k *Kernel) TestOnly_SetGlobalInit(tg *ThreadGroup) {
+// TestOnlySetGlobalInit sets the thread group with ID 1 in the root PID namespace.
+func (k *Kernel) TestOnlySetGlobalInit(tg *ThreadGroup) {
k.globalInit = tg
}
diff --git a/pkg/sentry/memmap/mapping_set_impl.go b/pkg/sentry/memmap/mapping_set_impl.go
index eda4579e8..c32df9259 100644
--- a/pkg/sentry/memmap/mapping_set_impl.go
+++ b/pkg/sentry/memmap/mapping_set_impl.go
@@ -1556,8 +1556,8 @@ type MappingSegmentDataSlices struct {
Values []MappingsOfRange
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *MappingSet) ExportSortedSlices() *MappingSegmentDataSlices {
var sds MappingSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1571,7 +1571,7 @@ func (s *MappingSet) ExportSortedSlices() *MappingSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/mm/file_refcount_set.go b/pkg/sentry/mm/file_refcount_set.go
index 1d956b4b4..602a137d4 100644
--- a/pkg/sentry/mm/file_refcount_set.go
+++ b/pkg/sentry/mm/file_refcount_set.go
@@ -1560,8 +1560,8 @@ type fileRefcountSegmentDataSlices struct {
Values []int32
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *fileRefcountSet) ExportSortedSlices() *fileRefcountSegmentDataSlices {
var sds fileRefcountSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *fileRefcountSet) ExportSortedSlices() *fileRefcountSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/mm/pma_set.go b/pkg/sentry/mm/pma_set.go
index 09fe6b05f..dbcf2b053 100644
--- a/pkg/sentry/mm/pma_set.go
+++ b/pkg/sentry/mm/pma_set.go
@@ -1560,8 +1560,8 @@ type pmaSegmentDataSlices struct {
Values []pma
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *pmaSet) ExportSortedSlices() *pmaSegmentDataSlices {
var sds pmaSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *pmaSet) ExportSortedSlices() *pmaSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/mm/vma_set.go b/pkg/sentry/mm/vma_set.go
index 3b32d3cb5..333324640 100644
--- a/pkg/sentry/mm/vma_set.go
+++ b/pkg/sentry/mm/vma_set.go
@@ -1560,8 +1560,8 @@ type vmaSegmentDataSlices struct {
Values []vma
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *vmaSet) ExportSortedSlices() *vmaSegmentDataSlices {
var sds vmaSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *vmaSet) ExportSortedSlices() *vmaSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/pgalloc/evictable_range_set.go b/pkg/sentry/pgalloc/evictable_range_set.go
index 7619b106e..c0c712b21 100644
--- a/pkg/sentry/pgalloc/evictable_range_set.go
+++ b/pkg/sentry/pgalloc/evictable_range_set.go
@@ -1556,8 +1556,8 @@ type evictableRangeSegmentDataSlices struct {
Values []evictableRangeSetValue
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *evictableRangeSet) ExportSortedSlices() *evictableRangeSegmentDataSlices {
var sds evictableRangeSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1571,7 +1571,7 @@ func (s *evictableRangeSet) ExportSortedSlices() *evictableRangeSegmentDataSlice
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/pgalloc/reclaim_set.go b/pkg/sentry/pgalloc/reclaim_set.go
index 5c62c03fe..737f38776 100644
--- a/pkg/sentry/pgalloc/reclaim_set.go
+++ b/pkg/sentry/pgalloc/reclaim_set.go
@@ -1560,8 +1560,8 @@ type reclaimSegmentDataSlices struct {
Values []reclaimSetValue
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *reclaimSet) ExportSortedSlices() *reclaimSegmentDataSlices {
var sds reclaimSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *reclaimSet) ExportSortedSlices() *reclaimSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/pgalloc/usage_set.go b/pkg/sentry/pgalloc/usage_set.go
index edabff0d8..8d96e817a 100644
--- a/pkg/sentry/pgalloc/usage_set.go
+++ b/pkg/sentry/pgalloc/usage_set.go
@@ -1560,8 +1560,8 @@ type usageSegmentDataSlices struct {
Values []usageInfo
}
-// ExportSortedSlice returns a copy of all segments in the given set, in ascending
-// key order.
+// ExportSortedSlices returns a copy of all segments in the given set, in
+// ascending key order.
func (s *usageSet) ExportSortedSlices() *usageSegmentDataSlices {
var sds usageSegmentDataSlices
for seg := s.FirstSegment(); seg.Ok(); seg = seg.NextSegment() {
@@ -1575,7 +1575,7 @@ func (s *usageSet) ExportSortedSlices() *usageSegmentDataSlices {
return &sds
}
-// ImportSortedSlice initializes the given set from the given slice.
+// ImportSortedSlices initializes the given set from the given slice.
//
// Preconditions:
// * s must be empty.
diff --git a/pkg/sentry/platform/ring0/kernel_amd64.go b/pkg/sentry/platform/ring0/kernel_amd64.go
index b55dc29b3..36a60700e 100644
--- a/pkg/sentry/platform/ring0/kernel_amd64.go
+++ b/pkg/sentry/platform/ring0/kernel_amd64.go
@@ -65,6 +65,7 @@ func (k *Kernel) init(maxCPUs int) {
}
}
+// EntryRegions returns the set of kernel entry regions (must be mapped).
func (k *Kernel) EntryRegions() map[uintptr]uintptr {
regions := make(map[uintptr]uintptr)
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index b283d7229..26bd1abd4 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -205,7 +205,7 @@ func SetEntries(stk *stack.Stack, optVal []byte, ipv6 bool) *syserr.Error {
// Go through the list of supported hooks for this table and, for each
// one, set the rule it corresponds to.
- for hook, _ := range replace.HookEntry {
+ for hook := range replace.HookEntry {
if table.ValidHooks()&(1<<hook) != 0 {
hk := hookFromLinux(hook)
table.BuiltinChains[hk] = stack.HookUnset
diff --git a/pkg/sentry/socket/netfilter/owner_matcher.go b/pkg/sentry/socket/netfilter/owner_matcher.go
index 1b4e0ad79..69d13745e 100644
--- a/pkg/sentry/socket/netfilter/owner_matcher.go
+++ b/pkg/sentry/socket/netfilter/owner_matcher.go
@@ -96,6 +96,7 @@ func (ownerMarshaler) unmarshal(buf []byte, filter stack.IPHeaderFilter) (stack.
return &owner, nil
}
+// OwnerMatcher matches against a UID and/or GID.
type OwnerMatcher struct {
uid uint32
gid uint32
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index c59297c80..6c4ec55b2 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -471,7 +471,7 @@ func (s *socketOpsCommon) SendMsg(t *kernel.Task, src usermem.IOSequence, to []b
if len(to) > 0 {
switch s.stype {
case linux.SOCK_SEQPACKET:
- to = nil
+ // to is ignored.
case linux.SOCK_STREAM:
if s.State() == linux.SS_CONNECTED {
return 0, syserr.ErrAlreadyConnected
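Review bot: With `to = nil` removed from the SOCK_SEQPACKET case, nothing in this hunk stops the caller-supplied address from reaching code after the switch. SendMsg continues outside the hunk, so this cannot be checked here; if `to` is read again later, a SEQPACKET send would now honour a destination address that was previously discarded. If the assignment was dead, which seems to be why it was dropped, the comment should state that invariant, e.g. `// to is ignored for SOCK_SEQPACKET; it must not be read after this switch.`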
diff --git a/pkg/sentry/syscalls/linux/sys_sync.go b/pkg/sentry/syscalls/linux/sys_sync.go
index 048a21c6e..5ebd4461f 100644
--- a/pkg/sentry/syscalls/linux/sys_sync.go
+++ b/pkg/sentry/syscalls/linux/sys_sync.go
@@ -125,6 +125,7 @@ func SyncFileRange(t *kernel.Task, args arch.SyscallArguments) (uintptr, *kernel
//
// It should be safe to skipped this flag while nobody uses
// SYNC_FILE_RANGE_WAIT_BEFORE.
+ _ = nbytes
// SYNC_FILE_RANGE_WAIT_AFTER waits upon write-out of all pages in the
// range after performing any write.
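Review bot: `_ = nbytes` has no comment of its own and sits between two flag descriptions, so it reads as leftover code rather than a deliberate marker. It appears to exist only to count nbytes as used while SYNC_FILE_RANGE_WAIT_BEFORE is skipped; if so, say it on the line: `_ = nbytes // Unused until SYNC_FILE_RANGE_WAIT_BEFORE is implemented.` SyncFileRange starts and ends outside the hunk, so how nbytes is validated before this point is not visible here.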
diff --git a/pkg/sentry/vfs/inotify.go b/pkg/sentry/vfs/inotify.go
index 107171b61..a48ac1cd6 100644
--- a/pkg/sentry/vfs/inotify.go
+++ b/pkg/sentry/vfs/inotify.go
@@ -738,7 +738,7 @@ func InotifyEventFromStatMask(mask uint32) uint32 {
} else if mask&linux.STATX_ATIME != 0 {
ev |= linux.IN_ACCESS
} else if mask&linux.STATX_MTIME != 0 {
- mask |= linux.IN_MODIFY
+ ev |= linux.IN_MODIFY
}
return ev
}
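Review bot: The fix to the STATX_MTIME branch comes without a regression test; none of the files listed for pkg/sentry is a test file. Before this change the branch OR-ed IN_MODIFY into the by-value `mask` parameter instead of `ev`, so this branch contributed nothing to the returned event set and an mtime-only change could go unreported to inotify watchers without any error. A small table test asserting `InotifyEventFromStatMask(linux.STATX_MTIME)&linux.IN_MODIFY != 0` would pin the behaviour. The function starts outside the hunk, so earlier branches that may also set bits in `ev` are not visible.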