From 6516b5648b471951e8c4da7869531c9509ba1495 Mon Sep 17 00:00:00 2001
From: Nicolas Lacasse <nlacasse@google.com>
Date: Thu, 6 Sep 2018 13:46:45 -0700
Subject: createProcessArgs.RootFromContext should return process Root if it
 exists.

It was always returning the MountNamespace root, which may be different from
the process Root if the process is in a chroot environment.

PiperOrigin-RevId: 211862181
Change-Id: I63bfeb610e2b0affa9fdbdd8147eba3c39014480
---
 pkg/sentry/kernel/kernel.go | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'pkg/sentry')

diff --git a/pkg/sentry/kernel/kernel.go b/pkg/sentry/kernel/kernel.go
index c2b5c7269..31a2f068d 100644
--- a/pkg/sentry/kernel/kernel.go
+++ b/pkg/sentry/kernel/kernel.go
@@ -553,10 +553,18 @@ func (ctx *createProcessContext) Value(key interface{}) interface{} {
 	case auth.CtxCredentials:
 		return ctx.args.Credentials
 	case fs.CtxRoot:
-		if ctx.k.mounts == nil {
-			return nil
+		if ctx.args.Root != nil {
+			// Take a refernce on the root dirent that will be
+			// given to the caller.
+			ctx.args.Root.IncRef()
+			return ctx.args.Root
 		}
-		return ctx.k.mounts.Root()
+		if ctx.k.mounts != nil {
+			// MountNamespace.Root() will take a reference on the
+			// root dirent for us.
+			return ctx.k.mounts.Root()
+		}
+		return nil
 	case ktime.CtxRealtimeClock:
 		return ctx.k.RealtimeClock()
 	case limits.CtxLimits:
-- 
cgit v1.2.3