github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/pkg/sentry/vfs/options.go (about) 1 // Copyright 2019 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package vfs 16 17 import ( 18 "github.com/SagerNet/gvisor/pkg/abi/linux" 19 "github.com/SagerNet/gvisor/pkg/sentry/socket/unix/transport" 20 ) 21 22 // GetDentryOptions contains options to VirtualFilesystem.GetDentryAt() and 23 // FilesystemImpl.GetDentryAt(). 24 // 25 // +stateify savable 26 type GetDentryOptions struct { 27 // If CheckSearchable is true, FilesystemImpl.GetDentryAt() must check that 28 // the returned Dentry is a directory for which creds has search 29 // permission. 30 CheckSearchable bool 31 } 32 33 // MkdirOptions contains options to VirtualFilesystem.MkdirAt() and 34 // FilesystemImpl.MkdirAt(). 35 // 36 // +stateify savable 37 type MkdirOptions struct { 38 // Mode is the file mode bits for the created directory. 39 Mode linux.FileMode 40 41 // If ForSyntheticMountpoint is true, FilesystemImpl.MkdirAt() may create 42 // the given directory in memory only (as opposed to persistent storage). 43 // The created directory should be able to support the creation of 44 // subdirectories with ForSyntheticMountpoint == true. It does not need to 45 // support the creation of subdirectories with ForSyntheticMountpoint == 46 // false, or files of other types. 47 // 48 // FilesystemImpls are permitted to ignore the ForSyntheticMountpoint 49 // option. 50 // 51 // The ForSyntheticMountpoint option exists because, unlike mount(2), the 52 // OCI Runtime Specification permits the specification of mount points that 53 // do not exist, under the expectation that container runtimes will create 54 // them. (More accurately, the OCI Runtime Specification completely fails 55 // to document this feature, but it's implemented by runc.) 56 // ForSyntheticMountpoint allows such mount points to be created even when 57 // the underlying persistent filesystem is immutable. 58 ForSyntheticMountpoint bool 59 } 60 61 // MknodOptions contains options to VirtualFilesystem.MknodAt() and 62 // FilesystemImpl.MknodAt(). 63 // 64 // +stateify savable 65 type MknodOptions struct { 66 // Mode is the file type and mode bits for the created file. 67 Mode linux.FileMode 68 69 // If Mode specifies a character or block device special file, DevMajor and 70 // DevMinor are the major and minor device numbers for the created device. 71 DevMajor uint32 72 DevMinor uint32 73 74 // Endpoint is the endpoint to bind to the created file, if a socket file is 75 // being created for bind(2) on a Unix domain socket. 76 Endpoint transport.BoundEndpoint 77 } 78 79 // MountFlags contains flags as specified for mount(2), e.g. MS_NOEXEC. 80 // MS_RDONLY is not part of MountFlags because it's tracked in Mount.writers. 81 // 82 // +stateify savable 83 type MountFlags struct { 84 // NoExec is equivalent to MS_NOEXEC. 85 NoExec bool 86 87 // NoATime is equivalent to MS_NOATIME and indicates that the 88 // filesystem should not update access time in-place. 89 NoATime bool 90 91 // NoDev is equivalent to MS_NODEV and indicates that the 92 // filesystem should not allow access to devices (special files). 93 // TODO(github.com/SagerNet/issue/3186): respect this flag in non FUSE 94 // filesystems. 95 NoDev bool 96 97 // NoSUID is equivalent to MS_NOSUID and indicates that the 98 // filesystem should not honor set-user-ID and set-group-ID bits or 99 // file capabilities when executing programs. 100 NoSUID bool 101 } 102 103 // MountOptions contains options to VirtualFilesystem.MountAt(). 104 // 105 // +stateify savable 106 type MountOptions struct { 107 // Flags contains flags as specified for mount(2), e.g. MS_NOEXEC. 108 Flags MountFlags 109 110 // ReadOnly is equivalent to MS_RDONLY. 111 ReadOnly bool 112 113 // GetFilesystemOptions contains options to FilesystemType.GetFilesystem(). 114 GetFilesystemOptions GetFilesystemOptions 115 116 // InternalMount indicates whether the mount operation is coming from the 117 // application, i.e. through mount(2). If InternalMount is true, allow the use 118 // of filesystem types for which RegisterFilesystemTypeOptions.AllowUserMount 119 // == false. 120 InternalMount bool 121 } 122 123 // OpenOptions contains options to VirtualFilesystem.OpenAt() and 124 // FilesystemImpl.OpenAt(). 125 // 126 // +stateify savable 127 type OpenOptions struct { 128 // Flags contains access mode and flags as specified for open(2). 129 // 130 // FilesystemImpls are responsible for implementing the following flags: 131 // O_RDONLY, O_WRONLY, O_RDWR, O_APPEND, O_CREAT, O_DIRECT, O_DSYNC, 132 // O_EXCL, O_NOATIME, O_NOCTTY, O_NONBLOCK, O_SYNC, O_TMPFILE, and 133 // O_TRUNC. VFS is responsible for handling O_DIRECTORY, O_LARGEFILE, and 134 // O_NOFOLLOW. VFS users are responsible for handling O_CLOEXEC, since file 135 // descriptors are mostly outside the scope of VFS. 136 Flags uint32 137 138 // If FilesystemImpl.OpenAt() creates a file, Mode is the file mode for the 139 // created file. 140 Mode linux.FileMode 141 142 // FileExec is set when the file is being opened to be executed. 143 // VirtualFilesystem.OpenAt() checks that the caller has execute permissions 144 // on the file, that the file is a regular file, and that the mount doesn't 145 // have MS_NOEXEC set. 146 FileExec bool 147 } 148 149 // ReadOptions contains options to FileDescription.PRead(), 150 // FileDescriptionImpl.PRead(), FileDescription.Read(), and 151 // FileDescriptionImpl.Read(). 152 // 153 // +stateify savable 154 type ReadOptions struct { 155 // Flags contains flags as specified for preadv2(2). 156 Flags uint32 157 } 158 159 // RenameOptions contains options to VirtualFilesystem.RenameAt() and 160 // FilesystemImpl.RenameAt(). 161 // 162 // +stateify savable 163 type RenameOptions struct { 164 // Flags contains flags as specified for renameat2(2). 165 Flags uint32 166 167 // If MustBeDir is true, the renamed file must be a directory. 168 MustBeDir bool 169 } 170 171 // SetStatOptions contains options to VirtualFilesystem.SetStatAt(), 172 // FilesystemImpl.SetStatAt(), FileDescription.SetStat(), and 173 // FileDescriptionImpl.SetStat(). 174 // 175 // +stateify savable 176 type SetStatOptions struct { 177 // Stat is the metadata that should be set. Only fields indicated by 178 // Stat.Mask should be set. 179 // 180 // If Stat specifies that a timestamp should be set, 181 // FilesystemImpl.SetStatAt() and FileDescriptionImpl.SetStat() must 182 // special-case StatxTimestamp.Nsec == UTIME_NOW as described by 183 // utimensat(2); however, they do not need to check for StatxTimestamp.Nsec 184 // == UTIME_OMIT (VFS users must unset the corresponding bit in Stat.Mask 185 // instead). 186 Stat linux.Statx 187 188 // NeedWritePerm indicates that write permission on the file is needed for 189 // this operation. This is needed for truncate(2) (note that ftruncate(2) 190 // does not require the same check--instead, it checks that the fd is 191 // writable). 192 NeedWritePerm bool 193 } 194 195 // BoundEndpointOptions contains options to VirtualFilesystem.BoundEndpointAt() 196 // and FilesystemImpl.BoundEndpointAt(). 197 // 198 // +stateify savable 199 type BoundEndpointOptions struct { 200 // Addr is the path of the file whose socket endpoint is being retrieved. 201 // It is generally irrelevant: most endpoints are stored at a dentry that 202 // was created through a bind syscall, so the path can be stored on creation. 203 // However, if the endpoint was created in FilesystemImpl.BoundEndpointAt(), 204 // then we may not know what the original bind address was. 205 // 206 // For example, if connect(2) is called with address "foo" which corresponds 207 // a remote named socket in goferfs, we need to generate an endpoint wrapping 208 // that file. In this case, we can use Addr to set the endpoint address to 209 // "foo". Note that Addr is only a best-effort attempt--we still do not know 210 // the exact address that was used on the remote fs to bind the socket (it 211 // may have been "foo", "./foo", etc.). 212 Addr string 213 } 214 215 // GetXattrOptions contains options to VirtualFilesystem.GetXattrAt(), 216 // FilesystemImpl.GetXattrAt(), FileDescription.GetXattr(), and 217 // FileDescriptionImpl.GetXattr(). 218 // 219 // +stateify savable 220 type GetXattrOptions struct { 221 // Name is the name of the extended attribute to retrieve. 222 Name string 223 224 // Size is the maximum value size that the caller will tolerate. If the value 225 // is larger than size, getxattr methods may return ERANGE, but they are also 226 // free to ignore the hint entirely (i.e. the value returned may be larger 227 // than size). All size checking is done independently at the syscall layer. 228 Size uint64 229 } 230 231 // SetXattrOptions contains options to VirtualFilesystem.SetXattrAt(), 232 // FilesystemImpl.SetXattrAt(), FileDescription.SetXattr(), and 233 // FileDescriptionImpl.SetXattr(). 234 // 235 // +stateify savable 236 type SetXattrOptions struct { 237 // Name is the name of the extended attribute being mutated. 238 Name string 239 240 // Value is the extended attribute's new value. 241 Value string 242 243 // Flags contains flags as specified for setxattr/lsetxattr/fsetxattr(2). 244 Flags uint32 245 } 246 247 // StatOptions contains options to VirtualFilesystem.StatAt(), 248 // FilesystemImpl.StatAt(), FileDescription.Stat(), and 249 // FileDescriptionImpl.Stat(). 250 // 251 // +stateify savable 252 type StatOptions struct { 253 // Mask is the set of fields in the returned Statx that the FilesystemImpl 254 // or FileDescriptionImpl should provide. Bits are as in linux.Statx.Mask. 255 // 256 // The FilesystemImpl or FileDescriptionImpl may return fields not 257 // requested in Mask, and may fail to return fields requested in Mask that 258 // are not supported by the underlying filesystem implementation, without 259 // returning an error. 260 Mask uint32 261 262 // Sync specifies the synchronization required, and is one of 263 // linux.AT_STATX_SYNC_AS_STAT (which is 0, and therefore the default), 264 // linux.AT_STATX_SYNC_FORCE_SYNC, or linux.AT_STATX_SYNC_DONT_SYNC. 265 Sync uint32 266 } 267 268 // UmountOptions contains options to VirtualFilesystem.UmountAt(). 269 // 270 // +stateify savable 271 type UmountOptions struct { 272 // Flags contains flags as specified for umount2(2). 273 Flags uint32 274 } 275 276 // WriteOptions contains options to FileDescription.PWrite(), 277 // FileDescriptionImpl.PWrite(), FileDescription.Write(), and 278 // FileDescriptionImpl.Write(). 279 // 280 // +stateify savable 281 type WriteOptions struct { 282 // Flags contains flags as specified for pwritev2(2). 283 Flags uint32 284 }