From 5f33fdf37e6386975323ca2bab0dccd51d82df65 Mon Sep 17 00:00:00 2001 From: Nicolas Lacasse Date: Fri, 21 Aug 2020 15:04:24 -0700 Subject: Pass overlay credentials via context in copy up. Some VFS operations (those which operate on FDs) get their credentials via the context instead of via an explicit creds param. For these cases, we must pass the overlay credentials on the context. PiperOrigin-RevId: 327881259 --- pkg/sentry/kernel/auth/context.go | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'pkg/sentry/kernel') diff --git a/pkg/sentry/kernel/auth/context.go b/pkg/sentry/kernel/auth/context.go index ef5723127..c08d47787 100644 --- a/pkg/sentry/kernel/auth/context.go +++ b/pkg/sentry/kernel/auth/context.go @@ -34,3 +34,23 @@ func CredentialsFromContext(ctx context.Context) *Credentials { } return NewAnonymousCredentials() } + +// ContextWithCredentials returns a copy of ctx carrying creds. +func ContextWithCredentials(ctx context.Context, creds *Credentials) context.Context { + return &authContext{ctx, creds} +} + +type authContext struct { + context.Context + creds *Credentials +} + +// Value implements context.Context. +func (ac *authContext) Value(key interface{}) interface{} { + switch key { + case CtxCredentials: + return ac.creds + default: + return ac.Context.Value(key) + } +} -- cgit v1.2.3