github.com/ttpreport/gvisor-ligolo@v0.0.0-20240123134145-a858404967ba/pkg/sentry/fsimpl/kernfs/synthetic_directory.go (about) 1 // Copyright 2019 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package kernfs 16 17 import ( 18 "fmt" 19 20 "github.com/ttpreport/gvisor-ligolo/pkg/abi/linux" 21 "github.com/ttpreport/gvisor-ligolo/pkg/context" 22 "github.com/ttpreport/gvisor-ligolo/pkg/errors/linuxerr" 23 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/kernel/auth" 24 "github.com/ttpreport/gvisor-ligolo/pkg/sentry/vfs" 25 ) 26 27 // syntheticDirectory implements kernfs.Inode for a directory created by 28 // MkdirAt(ForSyntheticMountpoint=true). 29 // 30 // +stateify savable 31 type syntheticDirectory struct { 32 InodeAlwaysValid 33 InodeAttrs 34 InodeNoStatFS 35 InodeNotAnonymous 36 InodeNotSymlink 37 InodeWatches 38 OrderedChildren 39 syntheticDirectoryRefs 40 41 locks vfs.FileLocks 42 } 43 44 var _ Inode = (*syntheticDirectory)(nil) 45 46 func newSyntheticDirectory(ctx context.Context, creds *auth.Credentials, perm linux.FileMode) Inode { 47 if perm&^linux.PermissionsMask != 0 { 48 panic(fmt.Sprintf("perm contains non-permission bits: %#o", perm)) 49 } 50 dir := &syntheticDirectory{} 51 dir.InitRefs() 52 dir.InodeAttrs.Init(ctx, creds, 0 /* devMajor */, 0 /* devMinor */, 0 /* ino */, linux.S_IFDIR|perm) 53 dir.OrderedChildren.Init(OrderedChildrenOptions{ 54 Writable: true, 55 }) 56 return dir 57 } 58 59 // Open implements Inode.Open. 60 func (dir *syntheticDirectory) Open(ctx context.Context, rp *vfs.ResolvingPath, d *Dentry, opts vfs.OpenOptions) (*vfs.FileDescription, error) { 61 fd, err := NewGenericDirectoryFD(rp.Mount(), d, &dir.OrderedChildren, &dir.locks, &opts, GenericDirectoryFDOptions{}) 62 if err != nil { 63 return nil, err 64 } 65 return &fd.vfsfd, nil 66 } 67 68 // NewFile implements Inode.NewFile. 69 func (dir *syntheticDirectory) NewFile(ctx context.Context, name string, opts vfs.OpenOptions) (Inode, error) { 70 return nil, linuxerr.EPERM 71 } 72 73 // NewDir implements Inode.NewDir. 74 func (dir *syntheticDirectory) NewDir(ctx context.Context, name string, opts vfs.MkdirOptions) (Inode, error) { 75 if !opts.ForSyntheticMountpoint { 76 return nil, linuxerr.EPERM 77 } 78 subdirI := newSyntheticDirectory(ctx, auth.CredentialsFromContext(ctx), opts.Mode&linux.PermissionsMask) 79 if err := dir.OrderedChildren.Insert(name, subdirI); err != nil { 80 subdirI.DecRef(ctx) 81 return nil, err 82 } 83 dir.TouchCMtime(ctx) 84 return subdirI, nil 85 } 86 87 // NewLink implements Inode.NewLink. 88 func (dir *syntheticDirectory) NewLink(ctx context.Context, name string, target Inode) (Inode, error) { 89 return nil, linuxerr.EPERM 90 } 91 92 // NewSymlink implements Inode.NewSymlink. 93 func (dir *syntheticDirectory) NewSymlink(ctx context.Context, name, target string) (Inode, error) { 94 return nil, linuxerr.EPERM 95 } 96 97 // NewNode implements Inode.NewNode. 98 func (dir *syntheticDirectory) NewNode(ctx context.Context, name string, opts vfs.MknodOptions) (Inode, error) { 99 return nil, linuxerr.EPERM 100 } 101 102 // DecRef implements Inode.DecRef. 103 func (dir *syntheticDirectory) DecRef(ctx context.Context) { 104 dir.syntheticDirectoryRefs.DecRef(func() { dir.Destroy(ctx) }) 105 } 106 107 // Keep implements Inode.Keep. This is redundant because inodes will never be 108 // created via Lookup and inodes are always valid. Makes sense to return true 109 // because these inodes are not temporary and should only be removed on RmDir. 110 func (dir *syntheticDirectory) Keep() bool { 111 return true 112 }