summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/vfs/memxattr/xattr.go
blob: efc9c6a5de5c91885648715f07590f5d58f1eed6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
// Copyright 2020 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package memxattr provides a default, in-memory extended attribute
// implementation.
package memxattr

import (
	"strings"

	"gvisor.dev/gvisor/pkg/abi/linux"
	"gvisor.dev/gvisor/pkg/errors/linuxerr"
	"gvisor.dev/gvisor/pkg/sentry/kernel/auth"
	"gvisor.dev/gvisor/pkg/sentry/vfs"
	"gvisor.dev/gvisor/pkg/sync"
	"gvisor.dev/gvisor/pkg/syserror"
)

// SimpleExtendedAttributes implements extended attributes using a map of
// names to values.
//
// SimpleExtendedAttributes calls vfs.CheckXattrPermissions, so callers are not
// required to do so.
//
// +stateify savable
type SimpleExtendedAttributes struct {
	// mu protects the below fields.
	mu     sync.RWMutex `state:"nosave"`
	xattrs map[string]string
}

// GetXattr returns the value at 'name'.
func (x *SimpleExtendedAttributes) GetXattr(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, opts *vfs.GetXattrOptions) (string, error) {
	if err := vfs.CheckXattrPermissions(creds, vfs.MayRead, mode, kuid, opts.Name); err != nil {
		return "", err
	}

	x.mu.RLock()
	value, ok := x.xattrs[opts.Name]
	x.mu.RUnlock()
	if !ok {
		return "", linuxerr.ENODATA
	}
	// Check that the size of the buffer provided in getxattr(2) is large enough
	// to contain the value.
	if opts.Size != 0 && uint64(len(value)) > opts.Size {
		return "", syserror.ERANGE
	}
	return value, nil
}

// SetXattr sets 'value' at 'name'.
func (x *SimpleExtendedAttributes) SetXattr(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, opts *vfs.SetXattrOptions) error {
	if err := vfs.CheckXattrPermissions(creds, vfs.MayWrite, mode, kuid, opts.Name); err != nil {
		return err
	}

	x.mu.Lock()
	defer x.mu.Unlock()
	if x.xattrs == nil {
		if opts.Flags&linux.XATTR_REPLACE != 0 {
			return linuxerr.ENODATA
		}
		x.xattrs = make(map[string]string)
	}

	_, ok := x.xattrs[opts.Name]
	if ok && opts.Flags&linux.XATTR_CREATE != 0 {
		return syserror.EEXIST
	}
	if !ok && opts.Flags&linux.XATTR_REPLACE != 0 {
		return linuxerr.ENODATA
	}

	x.xattrs[opts.Name] = opts.Value
	return nil
}

// ListXattr returns all names in xattrs.
func (x *SimpleExtendedAttributes) ListXattr(creds *auth.Credentials, size uint64) ([]string, error) {
	// Keep track of the size of the buffer needed in listxattr(2) for the list.
	listSize := 0
	x.mu.RLock()
	names := make([]string, 0, len(x.xattrs))
	haveCap := creds.HasCapability(linux.CAP_SYS_ADMIN)
	for n := range x.xattrs {
		// Hide extended attributes in the "trusted" namespace from
		// non-privileged users. This is consistent with Linux's
		// fs/xattr.c:simple_xattr_list().
		if !haveCap && strings.HasPrefix(n, linux.XATTR_TRUSTED_PREFIX) {
			continue
		}
		names = append(names, n)
		// Add one byte per null terminator.
		listSize += len(n) + 1
	}
	x.mu.RUnlock()
	if size != 0 && uint64(listSize) > size {
		return nil, syserror.ERANGE
	}
	return names, nil
}

// RemoveXattr removes the xattr at 'name'.
func (x *SimpleExtendedAttributes) RemoveXattr(creds *auth.Credentials, mode linux.FileMode, kuid auth.KUID, name string) error {
	if err := vfs.CheckXattrPermissions(creds, vfs.MayWrite, mode, kuid, name); err != nil {
		return err
	}

	x.mu.Lock()
	defer x.mu.Unlock()
	if _, ok := x.xattrs[name]; !ok {
		return linuxerr.ENODATA
	}
	delete(x.xattrs, name)
	return nil
}