285 lines
10 KiB
Go
285 lines
10 KiB
Go
// Copyright 2019 The gVisor Authors.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package vfs
|
|
|
|
import (
|
|
"gvisor.dev/gvisor/pkg/abi/linux"
|
|
"gvisor.dev/gvisor/pkg/sentry/socket/unix/transport"
|
|
)
|
|
|
|
// GetDentryOptions contains options to VirtualFilesystem.GetDentryAt() and
|
|
// FilesystemImpl.GetDentryAt().
|
|
//
|
|
// +stateify savable
|
|
type GetDentryOptions struct {
|
|
// If CheckSearchable is true, FilesystemImpl.GetDentryAt() must check that
|
|
// the returned Dentry is a directory for which creds has search
|
|
// permission.
|
|
CheckSearchable bool
|
|
}
|
|
|
|
// MkdirOptions contains options to VirtualFilesystem.MkdirAt() and
|
|
// FilesystemImpl.MkdirAt().
|
|
//
|
|
// +stateify savable
|
|
type MkdirOptions struct {
|
|
// Mode is the file mode bits for the created directory.
|
|
Mode linux.FileMode
|
|
|
|
// If ForSyntheticMountpoint is true, FilesystemImpl.MkdirAt() may create
|
|
// the given directory in memory only (as opposed to persistent storage).
|
|
// The created directory should be able to support the creation of
|
|
// subdirectories with ForSyntheticMountpoint == true. It does not need to
|
|
// support the creation of subdirectories with ForSyntheticMountpoint ==
|
|
// false, or files of other types.
|
|
//
|
|
// FilesystemImpls are permitted to ignore the ForSyntheticMountpoint
|
|
// option.
|
|
//
|
|
// The ForSyntheticMountpoint option exists because, unlike mount(2), the
|
|
// OCI Runtime Specification permits the specification of mount points that
|
|
// do not exist, under the expectation that container runtimes will create
|
|
// them. (More accurately, the OCI Runtime Specification completely fails
|
|
// to document this feature, but it's implemented by runc.)
|
|
// ForSyntheticMountpoint allows such mount points to be created even when
|
|
// the underlying persistent filesystem is immutable.
|
|
ForSyntheticMountpoint bool
|
|
}
|
|
|
|
// MknodOptions contains options to VirtualFilesystem.MknodAt() and
|
|
// FilesystemImpl.MknodAt().
|
|
//
|
|
// +stateify savable
|
|
type MknodOptions struct {
|
|
// Mode is the file type and mode bits for the created file.
|
|
Mode linux.FileMode
|
|
|
|
// If Mode specifies a character or block device special file, DevMajor and
|
|
// DevMinor are the major and minor device numbers for the created device.
|
|
DevMajor uint32
|
|
DevMinor uint32
|
|
|
|
// Endpoint is the endpoint to bind to the created file, if a socket file is
|
|
// being created for bind(2) on a Unix domain socket.
|
|
Endpoint transport.BoundEndpoint
|
|
}
|
|
|
|
// MountFlags contains flags as specified for mount(2), e.g. MS_NOEXEC.
|
|
// MS_RDONLY is not part of MountFlags because it's tracked in Mount.writers.
|
|
//
|
|
// +stateify savable
|
|
type MountFlags struct {
|
|
// NoExec is equivalent to MS_NOEXEC.
|
|
NoExec bool
|
|
|
|
// NoATime is equivalent to MS_NOATIME and indicates that the
|
|
// filesystem should not update access time in-place.
|
|
NoATime bool
|
|
|
|
// NoDev is equivalent to MS_NODEV and indicates that the
|
|
// filesystem should not allow access to devices (special files).
|
|
// TODO(gVisor.dev/issue/3186): respect this flag in non FUSE
|
|
// filesystems.
|
|
NoDev bool
|
|
|
|
// NoSUID is equivalent to MS_NOSUID and indicates that the
|
|
// filesystem should not honor set-user-ID and set-group-ID bits or
|
|
// file capabilities when executing programs.
|
|
NoSUID bool
|
|
}
|
|
|
|
// MountOptions contains options to VirtualFilesystem.MountAt().
|
|
//
|
|
// +stateify savable
|
|
type MountOptions struct {
|
|
// Flags contains flags as specified for mount(2), e.g. MS_NOEXEC.
|
|
Flags MountFlags
|
|
|
|
// ReadOnly is equivalent to MS_RDONLY.
|
|
ReadOnly bool
|
|
|
|
// GetFilesystemOptions contains options to FilesystemType.GetFilesystem().
|
|
GetFilesystemOptions GetFilesystemOptions
|
|
|
|
// InternalMount indicates whether the mount operation is coming from the
|
|
// application, i.e. through mount(2). If InternalMount is true, allow the use
|
|
// of filesystem types for which RegisterFilesystemTypeOptions.AllowUserMount
|
|
// == false.
|
|
InternalMount bool
|
|
}
|
|
|
|
// OpenOptions contains options to VirtualFilesystem.OpenAt() and
|
|
// FilesystemImpl.OpenAt().
|
|
//
|
|
// +stateify savable
|
|
type OpenOptions struct {
|
|
// Flags contains access mode and flags as specified for open(2).
|
|
//
|
|
// FilesystemImpls are responsible for implementing the following flags:
|
|
// O_RDONLY, O_WRONLY, O_RDWR, O_APPEND, O_CREAT, O_DIRECT, O_DSYNC,
|
|
// O_EXCL, O_NOATIME, O_NOCTTY, O_NONBLOCK, O_PATH, O_SYNC, O_TMPFILE, and
|
|
// O_TRUNC. VFS is responsible for handling O_DIRECTORY, O_LARGEFILE, and
|
|
// O_NOFOLLOW. VFS users are responsible for handling O_CLOEXEC, since file
|
|
// descriptors are mostly outside the scope of VFS.
|
|
Flags uint32
|
|
|
|
// If FilesystemImpl.OpenAt() creates a file, Mode is the file mode for the
|
|
// created file.
|
|
Mode linux.FileMode
|
|
|
|
// FileExec is set when the file is being opened to be executed.
|
|
// VirtualFilesystem.OpenAt() checks that the caller has execute permissions
|
|
// on the file, that the file is a regular file, and that the mount doesn't
|
|
// have MS_NOEXEC set.
|
|
FileExec bool
|
|
}
|
|
|
|
// ReadOptions contains options to FileDescription.PRead(),
|
|
// FileDescriptionImpl.PRead(), FileDescription.Read(), and
|
|
// FileDescriptionImpl.Read().
|
|
//
|
|
// +stateify savable
|
|
type ReadOptions struct {
|
|
// Flags contains flags as specified for preadv2(2).
|
|
Flags uint32
|
|
}
|
|
|
|
// RenameOptions contains options to VirtualFilesystem.RenameAt() and
|
|
// FilesystemImpl.RenameAt().
|
|
//
|
|
// +stateify savable
|
|
type RenameOptions struct {
|
|
// Flags contains flags as specified for renameat2(2).
|
|
Flags uint32
|
|
|
|
// If MustBeDir is true, the renamed file must be a directory.
|
|
MustBeDir bool
|
|
}
|
|
|
|
// SetStatOptions contains options to VirtualFilesystem.SetStatAt(),
|
|
// FilesystemImpl.SetStatAt(), FileDescription.SetStat(), and
|
|
// FileDescriptionImpl.SetStat().
|
|
//
|
|
// +stateify savable
|
|
type SetStatOptions struct {
|
|
// Stat is the metadata that should be set. Only fields indicated by
|
|
// Stat.Mask should be set.
|
|
//
|
|
// If Stat specifies that a timestamp should be set,
|
|
// FilesystemImpl.SetStatAt() and FileDescriptionImpl.SetStat() must
|
|
// special-case StatxTimestamp.Nsec == UTIME_NOW as described by
|
|
// utimensat(2); however, they do not need to check for StatxTimestamp.Nsec
|
|
// == UTIME_OMIT (VFS users must unset the corresponding bit in Stat.Mask
|
|
// instead).
|
|
Stat linux.Statx
|
|
|
|
// NeedWritePerm indicates that write permission on the file is needed for
|
|
// this operation. This is needed for truncate(2) (note that ftruncate(2)
|
|
// does not require the same check--instead, it checks that the fd is
|
|
// writable).
|
|
NeedWritePerm bool
|
|
}
|
|
|
|
// BoundEndpointOptions contains options to VirtualFilesystem.BoundEndpointAt()
|
|
// and FilesystemImpl.BoundEndpointAt().
|
|
//
|
|
// +stateify savable
|
|
type BoundEndpointOptions struct {
|
|
// Addr is the path of the file whose socket endpoint is being retrieved.
|
|
// It is generally irrelevant: most endpoints are stored at a dentry that
|
|
// was created through a bind syscall, so the path can be stored on creation.
|
|
// However, if the endpoint was created in FilesystemImpl.BoundEndpointAt(),
|
|
// then we may not know what the original bind address was.
|
|
//
|
|
// For example, if connect(2) is called with address "foo" which corresponds
|
|
// a remote named socket in goferfs, we need to generate an endpoint wrapping
|
|
// that file. In this case, we can use Addr to set the endpoint address to
|
|
// "foo". Note that Addr is only a best-effort attempt--we still do not know
|
|
// the exact address that was used on the remote fs to bind the socket (it
|
|
// may have been "foo", "./foo", etc.).
|
|
Addr string
|
|
}
|
|
|
|
// GetXattrOptions contains options to VirtualFilesystem.GetXattrAt(),
|
|
// FilesystemImpl.GetXattrAt(), FileDescription.GetXattr(), and
|
|
// FileDescriptionImpl.GetXattr().
|
|
//
|
|
// +stateify savable
|
|
type GetXattrOptions struct {
|
|
// Name is the name of the extended attribute to retrieve.
|
|
Name string
|
|
|
|
// Size is the maximum value size that the caller will tolerate. If the value
|
|
// is larger than size, getxattr methods may return ERANGE, but they are also
|
|
// free to ignore the hint entirely (i.e. the value returned may be larger
|
|
// than size). All size checking is done independently at the syscall layer.
|
|
Size uint64
|
|
}
|
|
|
|
// SetXattrOptions contains options to VirtualFilesystem.SetXattrAt(),
|
|
// FilesystemImpl.SetXattrAt(), FileDescription.SetXattr(), and
|
|
// FileDescriptionImpl.SetXattr().
|
|
//
|
|
// +stateify savable
|
|
type SetXattrOptions struct {
|
|
// Name is the name of the extended attribute being mutated.
|
|
Name string
|
|
|
|
// Value is the extended attribute's new value.
|
|
Value string
|
|
|
|
// Flags contains flags as specified for setxattr/lsetxattr/fsetxattr(2).
|
|
Flags uint32
|
|
}
|
|
|
|
// StatOptions contains options to VirtualFilesystem.StatAt(),
|
|
// FilesystemImpl.StatAt(), FileDescription.Stat(), and
|
|
// FileDescriptionImpl.Stat().
|
|
//
|
|
// +stateify savable
|
|
type StatOptions struct {
|
|
// Mask is the set of fields in the returned Statx that the FilesystemImpl
|
|
// or FileDescriptionImpl should provide. Bits are as in linux.Statx.Mask.
|
|
//
|
|
// The FilesystemImpl or FileDescriptionImpl may return fields not
|
|
// requested in Mask, and may fail to return fields requested in Mask that
|
|
// are not supported by the underlying filesystem implementation, without
|
|
// returning an error.
|
|
Mask uint32
|
|
|
|
// Sync specifies the synchronization required, and is one of
|
|
// linux.AT_STATX_SYNC_AS_STAT (which is 0, and therefore the default),
|
|
// linux.AT_STATX_SYNC_FORCE_SYNC, or linux.AT_STATX_SYNC_DONT_SYNC.
|
|
Sync uint32
|
|
}
|
|
|
|
// UmountOptions contains options to VirtualFilesystem.UmountAt().
|
|
//
|
|
// +stateify savable
|
|
type UmountOptions struct {
|
|
// Flags contains flags as specified for umount2(2).
|
|
Flags uint32
|
|
}
|
|
|
|
// WriteOptions contains options to FileDescription.PWrite(),
|
|
// FileDescriptionImpl.PWrite(), FileDescription.Write(), and
|
|
// FileDescriptionImpl.Write().
|
|
//
|
|
// +stateify savable
|
|
type WriteOptions struct {
|
|
// Flags contains flags as specified for pwritev2(2).
|
|
Flags uint32
|
|
}
|