github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/pkg/sentry/vfs/options.go (about)

     1  // Copyright 2019 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package vfs
    16  
    17  import (
    18  	"github.com/SagerNet/gvisor/pkg/abi/linux"
    19  	"github.com/SagerNet/gvisor/pkg/sentry/socket/unix/transport"
    20  )
    21  
    22  // GetDentryOptions contains options to VirtualFilesystem.GetDentryAt() and
    23  // FilesystemImpl.GetDentryAt().
    24  //
    25  // +stateify savable
    26  type GetDentryOptions struct {
    27  	// If CheckSearchable is true, FilesystemImpl.GetDentryAt() must check that
    28  	// the returned Dentry is a directory for which creds has search
    29  	// permission.
    30  	CheckSearchable bool
    31  }
    32  
    33  // MkdirOptions contains options to VirtualFilesystem.MkdirAt() and
    34  // FilesystemImpl.MkdirAt().
    35  //
    36  // +stateify savable
    37  type MkdirOptions struct {
    38  	// Mode is the file mode bits for the created directory.
    39  	Mode linux.FileMode
    40  
    41  	// If ForSyntheticMountpoint is true, FilesystemImpl.MkdirAt() may create
    42  	// the given directory in memory only (as opposed to persistent storage).
    43  	// The created directory should be able to support the creation of
    44  	// subdirectories with ForSyntheticMountpoint == true. It does not need to
    45  	// support the creation of subdirectories with ForSyntheticMountpoint ==
    46  	// false, or files of other types.
    47  	//
    48  	// FilesystemImpls are permitted to ignore the ForSyntheticMountpoint
    49  	// option.
    50  	//
    51  	// The ForSyntheticMountpoint option exists because, unlike mount(2), the
    52  	// OCI Runtime Specification permits the specification of mount points that
    53  	// do not exist, under the expectation that container runtimes will create
    54  	// them. (More accurately, the OCI Runtime Specification completely fails
    55  	// to document this feature, but it's implemented by runc.)
    56  	// ForSyntheticMountpoint allows such mount points to be created even when
    57  	// the underlying persistent filesystem is immutable.
    58  	ForSyntheticMountpoint bool
    59  }
    60  
    61  // MknodOptions contains options to VirtualFilesystem.MknodAt() and
    62  // FilesystemImpl.MknodAt().
    63  //
    64  // +stateify savable
    65  type MknodOptions struct {
    66  	// Mode is the file type and mode bits for the created file.
    67  	Mode linux.FileMode
    68  
    69  	// If Mode specifies a character or block device special file, DevMajor and
    70  	// DevMinor are the major and minor device numbers for the created device.
    71  	DevMajor uint32
    72  	DevMinor uint32
    73  
    74  	// Endpoint is the endpoint to bind to the created file, if a socket file is
    75  	// being created for bind(2) on a Unix domain socket.
    76  	Endpoint transport.BoundEndpoint
    77  }
    78  
    79  // MountFlags contains flags as specified for mount(2), e.g. MS_NOEXEC.
    80  // MS_RDONLY is not part of MountFlags because it's tracked in Mount.writers.
    81  //
    82  // +stateify savable
    83  type MountFlags struct {
    84  	// NoExec is equivalent to MS_NOEXEC.
    85  	NoExec bool
    86  
    87  	// NoATime is equivalent to MS_NOATIME and indicates that the
    88  	// filesystem should not update access time in-place.
    89  	NoATime bool
    90  
    91  	// NoDev is equivalent to MS_NODEV and indicates that the
    92  	// filesystem should not allow access to devices (special files).
    93  	// TODO(github.com/SagerNet/issue/3186): respect this flag in non FUSE
    94  	// filesystems.
    95  	NoDev bool
    96  
    97  	// NoSUID is equivalent to MS_NOSUID and indicates that the
    98  	// filesystem should not honor set-user-ID and set-group-ID bits or
    99  	// file capabilities when executing programs.
   100  	NoSUID bool
   101  }
   102  
   103  // MountOptions contains options to VirtualFilesystem.MountAt().
   104  //
   105  // +stateify savable
   106  type MountOptions struct {
   107  	// Flags contains flags as specified for mount(2), e.g. MS_NOEXEC.
   108  	Flags MountFlags
   109  
   110  	// ReadOnly is equivalent to MS_RDONLY.
   111  	ReadOnly bool
   112  
   113  	// GetFilesystemOptions contains options to FilesystemType.GetFilesystem().
   114  	GetFilesystemOptions GetFilesystemOptions
   115  
   116  	// InternalMount indicates whether the mount operation is coming from the
   117  	// application, i.e. through mount(2). If InternalMount is true, allow the use
   118  	// of filesystem types for which RegisterFilesystemTypeOptions.AllowUserMount
   119  	// == false.
   120  	InternalMount bool
   121  }
   122  
   123  // OpenOptions contains options to VirtualFilesystem.OpenAt() and
   124  // FilesystemImpl.OpenAt().
   125  //
   126  // +stateify savable
   127  type OpenOptions struct {
   128  	// Flags contains access mode and flags as specified for open(2).
   129  	//
   130  	// FilesystemImpls are responsible for implementing the following flags:
   131  	// O_RDONLY, O_WRONLY, O_RDWR, O_APPEND, O_CREAT, O_DIRECT, O_DSYNC,
   132  	// O_EXCL, O_NOATIME, O_NOCTTY, O_NONBLOCK, O_SYNC, O_TMPFILE, and
   133  	// O_TRUNC. VFS is responsible for handling O_DIRECTORY, O_LARGEFILE, and
   134  	// O_NOFOLLOW. VFS users are responsible for handling O_CLOEXEC, since file
   135  	// descriptors are mostly outside the scope of VFS.
   136  	Flags uint32
   137  
   138  	// If FilesystemImpl.OpenAt() creates a file, Mode is the file mode for the
   139  	// created file.
   140  	Mode linux.FileMode
   141  
   142  	// FileExec is set when the file is being opened to be executed.
   143  	// VirtualFilesystem.OpenAt() checks that the caller has execute permissions
   144  	// on the file, that the file is a regular file, and that the mount doesn't
   145  	// have MS_NOEXEC set.
   146  	FileExec bool
   147  }
   148  
   149  // ReadOptions contains options to FileDescription.PRead(),
   150  // FileDescriptionImpl.PRead(), FileDescription.Read(), and
   151  // FileDescriptionImpl.Read().
   152  //
   153  // +stateify savable
   154  type ReadOptions struct {
   155  	// Flags contains flags as specified for preadv2(2).
   156  	Flags uint32
   157  }
   158  
   159  // RenameOptions contains options to VirtualFilesystem.RenameAt() and
   160  // FilesystemImpl.RenameAt().
   161  //
   162  // +stateify savable
   163  type RenameOptions struct {
   164  	// Flags contains flags as specified for renameat2(2).
   165  	Flags uint32
   166  
   167  	// If MustBeDir is true, the renamed file must be a directory.
   168  	MustBeDir bool
   169  }
   170  
   171  // SetStatOptions contains options to VirtualFilesystem.SetStatAt(),
   172  // FilesystemImpl.SetStatAt(), FileDescription.SetStat(), and
   173  // FileDescriptionImpl.SetStat().
   174  //
   175  // +stateify savable
   176  type SetStatOptions struct {
   177  	// Stat is the metadata that should be set. Only fields indicated by
   178  	// Stat.Mask should be set.
   179  	//
   180  	// If Stat specifies that a timestamp should be set,
   181  	// FilesystemImpl.SetStatAt() and FileDescriptionImpl.SetStat() must
   182  	// special-case StatxTimestamp.Nsec == UTIME_NOW as described by
   183  	// utimensat(2); however, they do not need to check for StatxTimestamp.Nsec
   184  	// == UTIME_OMIT (VFS users must unset the corresponding bit in Stat.Mask
   185  	// instead).
   186  	Stat linux.Statx
   187  
   188  	// NeedWritePerm indicates that write permission on the file is needed for
   189  	// this operation. This is needed for truncate(2) (note that ftruncate(2)
   190  	// does not require the same check--instead, it checks that the fd is
   191  	// writable).
   192  	NeedWritePerm bool
   193  }
   194  
   195  // BoundEndpointOptions contains options to VirtualFilesystem.BoundEndpointAt()
   196  // and FilesystemImpl.BoundEndpointAt().
   197  //
   198  // +stateify savable
   199  type BoundEndpointOptions struct {
   200  	// Addr is the path of the file whose socket endpoint is being retrieved.
   201  	// It is generally irrelevant: most endpoints are stored at a dentry that
   202  	// was created through a bind syscall, so the path can be stored on creation.
   203  	// However, if the endpoint was created in FilesystemImpl.BoundEndpointAt(),
   204  	// then we may not know what the original bind address was.
   205  	//
   206  	// For example, if connect(2) is called with address "foo" which corresponds
   207  	// a remote named socket in goferfs, we need to generate an endpoint wrapping
   208  	// that file. In this case, we can use Addr to set the endpoint address to
   209  	// "foo". Note that Addr is only a best-effort attempt--we still do not know
   210  	// the exact address that was used on the remote fs to bind the socket (it
   211  	// may have been "foo", "./foo", etc.).
   212  	Addr string
   213  }
   214  
   215  // GetXattrOptions contains options to VirtualFilesystem.GetXattrAt(),
   216  // FilesystemImpl.GetXattrAt(), FileDescription.GetXattr(), and
   217  // FileDescriptionImpl.GetXattr().
   218  //
   219  // +stateify savable
   220  type GetXattrOptions struct {
   221  	// Name is the name of the extended attribute to retrieve.
   222  	Name string
   223  
   224  	// Size is the maximum value size that the caller will tolerate. If the value
   225  	// is larger than size, getxattr methods may return ERANGE, but they are also
   226  	// free to ignore the hint entirely (i.e. the value returned may be larger
   227  	// than size). All size checking is done independently at the syscall layer.
   228  	Size uint64
   229  }
   230  
   231  // SetXattrOptions contains options to VirtualFilesystem.SetXattrAt(),
   232  // FilesystemImpl.SetXattrAt(), FileDescription.SetXattr(), and
   233  // FileDescriptionImpl.SetXattr().
   234  //
   235  // +stateify savable
   236  type SetXattrOptions struct {
   237  	// Name is the name of the extended attribute being mutated.
   238  	Name string
   239  
   240  	// Value is the extended attribute's new value.
   241  	Value string
   242  
   243  	// Flags contains flags as specified for setxattr/lsetxattr/fsetxattr(2).
   244  	Flags uint32
   245  }
   246  
   247  // StatOptions contains options to VirtualFilesystem.StatAt(),
   248  // FilesystemImpl.StatAt(), FileDescription.Stat(), and
   249  // FileDescriptionImpl.Stat().
   250  //
   251  // +stateify savable
   252  type StatOptions struct {
   253  	// Mask is the set of fields in the returned Statx that the FilesystemImpl
   254  	// or FileDescriptionImpl should provide. Bits are as in linux.Statx.Mask.
   255  	//
   256  	// The FilesystemImpl or FileDescriptionImpl may return fields not
   257  	// requested in Mask, and may fail to return fields requested in Mask that
   258  	// are not supported by the underlying filesystem implementation, without
   259  	// returning an error.
   260  	Mask uint32
   261  
   262  	// Sync specifies the synchronization required, and is one of
   263  	// linux.AT_STATX_SYNC_AS_STAT (which is 0, and therefore the default),
   264  	// linux.AT_STATX_SYNC_FORCE_SYNC, or linux.AT_STATX_SYNC_DONT_SYNC.
   265  	Sync uint32
   266  }
   267  
   268  // UmountOptions contains options to VirtualFilesystem.UmountAt().
   269  //
   270  // +stateify savable
   271  type UmountOptions struct {
   272  	// Flags contains flags as specified for umount2(2).
   273  	Flags uint32
   274  }
   275  
   276  // WriteOptions contains options to FileDescription.PWrite(),
   277  // FileDescriptionImpl.PWrite(), FileDescription.Write(), and
   278  // FileDescriptionImpl.Write().
   279  //
   280  // +stateify savable
   281  type WriteOptions struct {
   282  	// Flags contains flags as specified for pwritev2(2).
   283  	Flags uint32
   284  }