From f7bc60603e32d630598eca4663dfd9d03be5802f Mon Sep 17 00:00:00 2001
From: Kevin Krakauer <krakauer@google.com>
Date: Tue, 25 May 2021 13:19:23 -0700
Subject: setgid directories for VFS1 tmpfs, overlayfs, and goferfs

PiperOrigin-RevId: 375780659
---
 pkg/sentry/fs/gofer/file.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'pkg/sentry/fs/gofer/file.go')

diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go
index 819e140bc..73d80d9b5 100644
--- a/pkg/sentry/fs/gofer/file.go
+++ b/pkg/sentry/fs/gofer/file.go
@@ -237,10 +237,20 @@ func (f *fileOperations) Write(ctx context.Context, file *fs.File, src usermem.I
 	// and availability of a host-mappable FD.
 	if f.inodeOperations.session().cachePolicy.useCachingInodeOps(file.Dirent.Inode) {
 		n, err = f.inodeOperations.cachingInodeOps.Write(ctx, src, offset)
-	} else if f.inodeOperations.fileState.hostMappable != nil {
-		n, err = f.inodeOperations.fileState.hostMappable.Write(ctx, src, offset)
 	} else {
-		n, err = src.CopyInTo(ctx, f.handles.readWriterAt(ctx, offset))
+		uattr, e := f.UnstableAttr(ctx, file)
+		if e != nil {
+			return 0, e
+		}
+		if f.inodeOperations.fileState.hostMappable != nil {
+			n, err = f.inodeOperations.fileState.hostMappable.Write(ctx, src, offset, uattr)
+		} else {
+			n, err = src.CopyInTo(ctx, f.handles.readWriterAt(ctx, offset))
+			if n > 0 && uattr.Perms.HasSetUIDOrGID() {
+				uattr.Perms.DropSetUIDAndMaybeGID()
+				f.inodeOperations.SetPermissions(ctx, file.Dirent.Inode, uattr.Perms)
+			}
+		}
 	}
 
 	if n == 0 {
-- 
cgit v1.2.3