github.com/ttpreport/gvisor-ligolo@v0.0.0-20240123134145-a858404967ba/pkg/sentry/fsimpl/kernfs/synthetic_directory.go (about)

     1  // Copyright 2019 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package kernfs
    16  
    17  import (
    18  	"fmt"
    19  
    20  	"github.com/ttpreport/gvisor-ligolo/pkg/abi/linux"
    21  	"github.com/ttpreport/gvisor-ligolo/pkg/context"
    22  	"github.com/ttpreport/gvisor-ligolo/pkg/errors/linuxerr"
    23  	"github.com/ttpreport/gvisor-ligolo/pkg/sentry/kernel/auth"
    24  	"github.com/ttpreport/gvisor-ligolo/pkg/sentry/vfs"
    25  )
    26  
    27  // syntheticDirectory implements kernfs.Inode for a directory created by
    28  // MkdirAt(ForSyntheticMountpoint=true).
    29  //
    30  // +stateify savable
    31  type syntheticDirectory struct {
    32  	InodeAlwaysValid
    33  	InodeAttrs
    34  	InodeNoStatFS
    35  	InodeNotAnonymous
    36  	InodeNotSymlink
    37  	InodeWatches
    38  	OrderedChildren
    39  	syntheticDirectoryRefs
    40  
    41  	locks vfs.FileLocks
    42  }
    43  
    44  var _ Inode = (*syntheticDirectory)(nil)
    45  
    46  func newSyntheticDirectory(ctx context.Context, creds *auth.Credentials, perm linux.FileMode) Inode {
    47  	if perm&^linux.PermissionsMask != 0 {
    48  		panic(fmt.Sprintf("perm contains non-permission bits: %#o", perm))
    49  	}
    50  	dir := &syntheticDirectory{}
    51  	dir.InitRefs()
    52  	dir.InodeAttrs.Init(ctx, creds, 0 /* devMajor */, 0 /* devMinor */, 0 /* ino */, linux.S_IFDIR|perm)
    53  	dir.OrderedChildren.Init(OrderedChildrenOptions{
    54  		Writable: true,
    55  	})
    56  	return dir
    57  }
    58  
    59  // Open implements Inode.Open.
    60  func (dir *syntheticDirectory) Open(ctx context.Context, rp *vfs.ResolvingPath, d *Dentry, opts vfs.OpenOptions) (*vfs.FileDescription, error) {
    61  	fd, err := NewGenericDirectoryFD(rp.Mount(), d, &dir.OrderedChildren, &dir.locks, &opts, GenericDirectoryFDOptions{})
    62  	if err != nil {
    63  		return nil, err
    64  	}
    65  	return &fd.vfsfd, nil
    66  }
    67  
    68  // NewFile implements Inode.NewFile.
    69  func (dir *syntheticDirectory) NewFile(ctx context.Context, name string, opts vfs.OpenOptions) (Inode, error) {
    70  	return nil, linuxerr.EPERM
    71  }
    72  
    73  // NewDir implements Inode.NewDir.
    74  func (dir *syntheticDirectory) NewDir(ctx context.Context, name string, opts vfs.MkdirOptions) (Inode, error) {
    75  	if !opts.ForSyntheticMountpoint {
    76  		return nil, linuxerr.EPERM
    77  	}
    78  	subdirI := newSyntheticDirectory(ctx, auth.CredentialsFromContext(ctx), opts.Mode&linux.PermissionsMask)
    79  	if err := dir.OrderedChildren.Insert(name, subdirI); err != nil {
    80  		subdirI.DecRef(ctx)
    81  		return nil, err
    82  	}
    83  	dir.TouchCMtime(ctx)
    84  	return subdirI, nil
    85  }
    86  
    87  // NewLink implements Inode.NewLink.
    88  func (dir *syntheticDirectory) NewLink(ctx context.Context, name string, target Inode) (Inode, error) {
    89  	return nil, linuxerr.EPERM
    90  }
    91  
    92  // NewSymlink implements Inode.NewSymlink.
    93  func (dir *syntheticDirectory) NewSymlink(ctx context.Context, name, target string) (Inode, error) {
    94  	return nil, linuxerr.EPERM
    95  }
    96  
    97  // NewNode implements Inode.NewNode.
    98  func (dir *syntheticDirectory) NewNode(ctx context.Context, name string, opts vfs.MknodOptions) (Inode, error) {
    99  	return nil, linuxerr.EPERM
   100  }
   101  
   102  // DecRef implements Inode.DecRef.
   103  func (dir *syntheticDirectory) DecRef(ctx context.Context) {
   104  	dir.syntheticDirectoryRefs.DecRef(func() { dir.Destroy(ctx) })
   105  }
   106  
   107  // Keep implements Inode.Keep. This is redundant because inodes will never be
   108  // created via Lookup and inodes are always valid. Makes sense to return true
   109  // because these inodes are not temporary and should only be removed on RmDir.
   110  func (dir *syntheticDirectory) Keep() bool {
   111  	return true
   112  }