// setup standard pipes so that the TTY of the calling runc process
// is not inherited by the container.
func createStdioPipes(p *libcontainer.Process, rootuid int) (*tty, error) {
var (
t = &tty{}
fds []int
)
r, w, err := os.Pipe()
if err != nil {
return nil, err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
go io.Copy(w, os.Stdin)
t.closers = append(t.closers, w)
p.Stdin = r
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
go io.Copy(os.Stdout, r)
p.Stdout = w
t.closers = append(t.closers, r)
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
go io.Copy(os.Stderr, r)
p.Stderr = w
t.closers = append(t.closers, r)
// change the ownership of the pipe fds incase we are in a user namespace.
for _, fd := range fds {
if err := syscall.Fchown(fd, rootuid, rootuid); err != nil {
return nil, err
}
}
return t, nil
}
// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user.
// The ownership needs to match because it is created outside of the container and needs to be
// localized.
func fixStdioPermissions(u *user.ExecUser) error {
var null syscall.Stat_t
if err := syscall.Stat("/dev/null", &null); err != nil {
return err
}
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
var s syscall.Stat_t
if err := syscall.Fstat(int(fd), &s); err != nil {
return err
}
// Skip chown of /dev/null if it was used as one of the STDIO fds.
if s.Rdev == null.Rdev {
continue
}
// We only change the uid owner (as it is possible for the mount to
// prefer a different gid, and there's no reason for us to change it).
// The reason why we don't just leave the default uid=X mount setup is
// that users expect to be able to actually use their console. Without
// this code, you couldn't effectively run as a non-root user inside a
// container and also have a console set up.
if err := syscall.Fchown(int(fd), u.Uid, int(s.Gid)); err != nil {
return err
}
}
return nil
}
// Chown changes the numeric uid and gid of the named file.
// If there is an error, it will be of type *PathError.
func (f *File) Chown(uid, gid int) error {
if f == nil {
return ErrInvalid
}
if e := syscall.Fchown(f.fd, uid, gid); e != nil {
return &PathError{"chown", f.name, e}
}
return nil
}
// setupUser changes the groups, gid, and uid for the user inside the container
func setupUser(config *initConfig) error {
// Set up defaults.
defaultExecUser := user.ExecUser{
Uid: syscall.Getuid(),
Gid: syscall.Getgid(),
Home: "/",
}
passwdPath, err := user.GetPasswdPath()
if err != nil {
return err
}
groupPath, err := user.GetGroupPath()
if err != nil {
return err
}
execUser, err := user.GetExecUserPath(config.User, &defaultExecUser, passwdPath, groupPath)
if err != nil {
return err
}
var addGroups []int
if len(config.Config.AdditionalGroups) > 0 {
addGroups, err = user.GetAdditionalGroupsPath(config.Config.AdditionalGroups, groupPath)
if err != nil {
return err
}
}
// change the permissions on the STDIO of the current process so that when the user
// is changed for the container, it's STDIO of the process matches the user.
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
if err := syscall.Fchown(int(fd), execUser.Uid, execUser.Gid); err != nil {
return err
}
}
suppGroups := append(execUser.Sgids, addGroups...)
if err := syscall.Setgroups(suppGroups); err != nil {
return err
}
if err := system.Setgid(execUser.Gid); err != nil {
return err
}
if err := system.Setuid(execUser.Uid); err != nil {
return err
}
// if we didn't get HOME already, set it based on the user's HOME
if envHome := os.Getenv("HOME"); envHome == "" {
if err := os.Setenv("HOME", execUser.Home); err != nil {
return err
}
}
return nil
}
// Chown changes the numeric uid and gid of the named file.
// If there is an error, it will be of type *PathError.
func (f *File) Chown(uid, gid int) error {
if err := f.checkValid("chown"); err != nil {
return err
}
if e := syscall.Fchown(f.fd, uid, gid); e != nil {
return &PathError{"chown", f.name, e}
}
return nil
}
func RestrictedChown(cwdFd int, file string, origStat os.FileInfo, uid, gid, reqUid, reqGid int) RCHStatus {
status := RCOK
openflags := syscall.O_NONBLOCK | syscall.O_NOCTTY
if reqUid == -1 && reqGid == 1 {
return RCDoOrdinaryChown
}
if !origStat.Mode().IsRegular() {
if !origStat.Mode().IsDir() {
return RCDoOrdinaryChown
}
openflags |= syscall.O_DIRECTORY
}
fd, err := syscall.Openat(cwdFd, file, syscall.O_RDONLY|openflags, 0)
if !(0 <= fd ||
err == syscall.EACCES &&
origStat.Mode().IsRegular()) {
if fd, err = syscall.Openat(cwdFd, file, syscall.O_WRONLY|openflags, 0); 0 > fd {
if err == syscall.EACCES {
return RCDoOrdinaryChown
}
return RCError
}
}
var stat syscall.Stat_t
if err := syscall.Fstat(fd, &stat); err != nil {
status = RCError
} else if !sameFile(origStat.Sys().(*syscall.Stat_t), &stat) {
status = RCInodeChanged
} else if reqUid == -1 || uint32(reqUid) == stat.Uid &&
(reqGid == -1 || uint32(reqGid) == stat.Gid) {
if syscall.Fchown(fd, uid, gid) == nil {
if syscall.Close(fd) == nil {
return RCOK
}
return RCError
} else {
status = RCError
}
}
return status
}
func dupStdio(process *libcontainer.Process, rootuid int) error {
process.Stdin = os.Stdin
process.Stdout = os.Stdout
process.Stderr = os.Stderr
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stdout.Fd(),
os.Stderr.Fd(),
} {
if err := syscall.Fchown(int(fd), rootuid, rootuid); err != nil {
return err
}
}
return nil
}
func chownFds(uid, gid int) error {
fdList, err := ioutil.ReadDir("/proc/self/fd")
if err != nil {
return err
}
for _, fi := range fdList {
fd, err := strconv.Atoi(fi.Name())
if err != nil {
// ignore non-numeric file names
continue
}
if err = syscall.Fchown(fd, uid, gid); err != nil {
// "bad file descriptor" probably just means it no longer exists since we did "readdir", so ignore that
if err != syscall.EBADF {
return err
}
}
}
return nil
}
// InitializeIO creates pipes for use with the process's STDIO
// and returns the opposite side for each
func (p *Process) InitializeIO(rootuid int) (i *IO, err error) {
var fds []uintptr
i = &IO{}
// cleanup in case of an error
defer func() {
if err != nil {
for _, fd := range fds {
syscall.Close(int(fd))
}
}
}()
// STDIN
r, w, err := os.Pipe()
if err != nil {
return nil, err
}
fds = append(fds, r.Fd(), w.Fd())
p.Stdin, i.Stdin = r, w
// STDOUT
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, r.Fd(), w.Fd())
p.Stdout, i.Stdout = w, r
// STDERR
if r, w, err = os.Pipe(); err != nil {
return nil, err
}
fds = append(fds, r.Fd(), w.Fd())
p.Stderr, i.Stderr = w, r
// change ownership of the pipes incase we are in a user namespace
for _, fd := range fds {
if err := syscall.Fchown(int(fd), rootuid, rootuid); err != nil {
return nil, err
}
}
return i, nil
}
// fixStdioPermissions fixes the permissions of PID 1's STDIO within the container to the specified user.
// The ownership needs to match because it is created outside of the container and needs to be
// localized.
func fixStdioPermissions(u *user.ExecUser) error {
var null syscall.Stat_t
if err := syscall.Stat("/dev/null", &null); err != nil {
return err
}
for _, fd := range []uintptr{
os.Stdin.Fd(),
os.Stderr.Fd(),
os.Stdout.Fd(),
} {
var s syscall.Stat_t
if err := syscall.Fstat(int(fd), &s); err != nil {
return err
}
// skip chown of /dev/null if it was used as one of the STDIO fds.
if s.Rdev == null.Rdev {
continue
}
if err := syscall.Fchown(int(fd), u.Uid, u.Gid); err != nil {
return err
}
}
return nil
}
// Chown changes the numeric uid and gid of the named file.
func (f *File) Chown(uid, gid int) Error {
if e := syscall.Fchown(f.fd, uid, gid); e != 0 {
return &PathError{"chown", f.name, Errno(e)}
}
return nil
}
func setupPipes(container *configs.Config, processConfig *execdriver.ProcessConfig, p *libcontainer.Process, pipes *execdriver.Pipes, wg *sync.WaitGroup) ([]io.WriteCloser, error) {
writers := []io.WriteCloser{}
rootuid, err := container.HostUID()
if err != nil {
return writers, err
}
if processConfig.Tty {
cons, err := p.NewConsole(rootuid)
if err != nil {
return writers, err
}
term, err := NewTtyConsole(cons, pipes)
if err != nil {
return writers, err
}
processConfig.Terminal = term
return writers, nil
}
// not a tty--set up stdio pipes
term := &execdriver.StdConsole{}
processConfig.Terminal = term
// if we are not in a user namespace, there is no reason to go through
// the hassle of setting up os-level pipes with proper (remapped) ownership
// so we will do the prior shortcut for non-userns containers
if rootuid == 0 {
p.Stdout = pipes.Stdout
p.Stderr = pipes.Stderr
r, w, err := os.Pipe()
if err != nil {
return writers, err
}
if pipes.Stdin != nil {
go func() {
io.Copy(w, pipes.Stdin)
w.Close()
}()
p.Stdin = r
}
return writers, nil
}
// if we have user namespaces enabled (rootuid != 0), we will set
// up os pipes for stderr, stdout, stdin so we can chown them to
// the proper ownership to allow for proper access to the underlying
// fds
var fds []uintptr
copyPipes := func(out io.Writer, in io.ReadCloser) {
defer wg.Done()
io.Copy(out, in)
in.Close()
}
//setup stdout
r, w, err := os.Pipe()
if err != nil {
w.Close()
return writers, err
}
writers = append(writers, w)
fds = append(fds, r.Fd(), w.Fd())
if pipes.Stdout != nil {
wg.Add(1)
go copyPipes(pipes.Stdout, r)
}
term.Closers = append(term.Closers, r)
p.Stdout = w
//setup stderr
r, w, err = os.Pipe()
if err != nil {
w.Close()
return writers, err
}
writers = append(writers, w)
fds = append(fds, r.Fd(), w.Fd())
if pipes.Stderr != nil {
wg.Add(1)
go copyPipes(pipes.Stderr, r)
}
term.Closers = append(term.Closers, r)
p.Stderr = w
//setup stdin
r, w, err = os.Pipe()
if err != nil {
r.Close()
return writers, err
}
fds = append(fds, r.Fd(), w.Fd())
if pipes.Stdin != nil {
go func() {
io.Copy(w, pipes.Stdin)
w.Close()
}()
p.Stdin = r
}
for _, fd := range fds {
if err := syscall.Fchown(int(fd), rootuid, rootuid); err != nil {
return writers, fmt.Errorf("Failed to chown pipes fd: %v", err)
}
}
return writers, nil
}
func (fs *Fs) wstatPost(fid *Fid, cur *Dir, next *Dir) error {
defer fid.file.unlock()
// Rename the file.
if next.Name != "" &&
next.Name != cur.Name {
new_path := path.Join(path.Dir(fid.Path), next.Name)
err := fid.file.rename(fs, fid.Path, new_path)
if err != nil {
return err
}
}
// Update our access times.
atime := cur.Atime
mtime := cur.Atime
if next.Atime != math.MaxUint32 {
atime = next.Atime
}
if next.Mtime != math.MaxUint32 {
mtime = next.Mtime
}
if atime != cur.Atime || mtime != cur.Mtime {
err := syscall.Futimes(
fid.file.write_fd,
[]syscall.Timeval{
syscall.Timeval{int64(atime), 0},
syscall.Timeval{int64(mtime), 0},
})
if err != nil {
return err
}
}
// Truncate the file.
if next.Length != math.MaxUint64 &&
next.Length != cur.Length {
err := syscall.Ftruncate(fid.file.write_fd, int64(next.Length))
if err != nil {
return err
}
}
// Change the owner.
uid := cur.Uidnum
gid := cur.Gidnum
if next.Uidnum != math.MaxUint32 &&
next.Uidnum != cur.Uidnum {
uid = next.Uidnum
}
if next.Gidnum != math.MaxUint32 &&
next.Gidnum != cur.Gidnum {
gid = next.Gidnum
}
if uid != cur.Uidnum || gid != cur.Gidnum {
err := syscall.Fchown(fid.file.write_fd, int(uid), int(gid))
if err != nil {
return err
}
}
return nil
}
// Run as pid 1 and monitor the contained process to return its exit code.
func containerInitApp(c *Config, logFile *os.File) error {
log := logger.New()
init := newContainerInit(c, logFile)
log.Debug("registering RPC server")
if err := rpcplus.Register(init); err != nil {
log.Error("error registering RPC server", "err", err)
return err
}
init.mtx.Lock()
defer init.mtx.Unlock()
// Prepare the cmd based on the given args
// If this fails we report that below
cmdPath, cmdErr := getCmdPath(c)
cmd := exec.Command(cmdPath, c.Args[1:]...)
cmd.Dir = c.WorkDir
cmd.Env = make([]string, 0, len(c.Env))
for k, v := range c.Env {
cmd.Env = append(cmd.Env, k+"="+v)
}
// App runs in its own session
cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
if c.Uid != nil || c.Gid != nil {
cmd.SysProcAttr.Credential = &syscall.Credential{}
if c.Uid != nil {
cmd.SysProcAttr.Credential.Uid = *c.Uid
}
if c.Gid != nil {
cmd.SysProcAttr.Credential.Gid = *c.Gid
}
}
// Console setup. Hook up the container app's stdin/stdout/stderr to
// either a pty or pipes. The FDs for the controlling side of the
// pty/pipes will be passed to flynn-host later via a UNIX socket.
if c.TTY {
log.Debug("creating PTY")
ptyMaster, ptySlave, err := pty.Open()
if err != nil {
log.Error("error creating PTY", "err", err)
return err
}
init.ptyMaster = ptyMaster
cmd.Stdout = ptySlave
cmd.Stderr = ptySlave
if c.OpenStdin {
log.Debug("attaching stdin to PTY")
cmd.Stdin = ptySlave
cmd.SysProcAttr.Setctty = true
}
if c.Uid != nil && c.Gid != nil {
if err := syscall.Fchown(int(ptySlave.Fd()), int(*c.Uid), int(*c.Gid)); err != nil {
log.Error("error changing PTY ownership", "err", err)
return err
}
}
} else {
// We copy through a socketpair (rather than using cmd.StdoutPipe directly) to make
// it easier for flynn-host to do non-blocking I/O (via net.FileConn) so that no
// read(2) calls can succeed after closing the logs during an update.
//
// We also don't assign the socketpair directly to fd 1 because that prevents jobs
// using /dev/stdout (calling open(2) on a socket leads to an ENXIO error, see
// http://marc.info/?l=ast-users&m=120978595414993).
newPipe := func(pipeFn func() (io.ReadCloser, error), name string) (*os.File, error) {
pipe, err := pipeFn()
if err != nil {
return nil, err
}
if c.Uid != nil && c.Gid != nil {
if err := syscall.Fchown(int(pipe.(*os.File).Fd()), int(*c.Uid), int(*c.Gid)); err != nil {
return nil, err
}
}
sockR, sockW, err := newSocketPair(name)
if err != nil {
return nil, err
}
go func() {
defer sockW.Close()
for {
// copy data from the pipe to the socket using splice(2)
// (rather than io.Copy) to avoid a needless copy through
// user space
n, err := syscall.Splice(int(pipe.(*os.File).Fd()), nil, int(sockW.Fd()), nil, 65535, 0)
if err != nil || n == 0 {
return
}
}
}()
return sockR, nil
}
log.Debug("creating stdout pipe")
var err error
init.stdout, err = newPipe(cmd.StdoutPipe, "stdout")
if err != nil {
log.Error("error creating stdout pipe", "err", err)
return err
}
log.Debug("creating stderr pipe")
init.stderr, err = newPipe(cmd.StderrPipe, "stderr")
if err != nil {
log.Error("error creating stderr pipe", "err", err)
return err
}
if c.OpenStdin {
// Can't use cmd.StdinPipe() here, since in Go 1.2 it
// returns an io.WriteCloser with the underlying object
// being an *exec.closeOnce, neither of which provides
// a way to convert to an FD.
log.Debug("creating stdin pipe")
pipeRead, pipeWrite, err := os.Pipe()
if err != nil {
log.Error("creating stdin pipe", "err", err)
return err
}
cmd.Stdin = pipeRead
init.stdin = pipeWrite
}
}
go runRPCServer()
// Wait for flynn-host to tell us to start
init.mtx.Unlock() // Allow calls
log.Debug("waiting to be resumed")
<-init.resume
log.Debug("resuming")
init.mtx.Lock()
log.Info("starting the job", "args", cmd.Args)
if cmdErr != nil {
log.Error("error starting the job", "err", cmdErr)
init.changeState(StateFailed, cmdErr.Error(), -1)
init.exit(1)
}
if err := cmd.Start(); err != nil {
log.Error("error starting the job", "err", err)
init.changeState(StateFailed, err.Error(), -1)
init.exit(1)
}
log.Debug("setting state to running")
init.process = cmd.Process
init.changeState(StateRunning, "", -1)
init.mtx.Unlock() // Allow calls
// monitor services
hbs := make([]discoverd.Heartbeater, 0, len(c.Ports))
for _, port := range c.Ports {
if port.Service == nil {
continue
}
log := log.New("name", port.Service.Name, "port", port.Port, "proto", port.Proto)
log.Info("monitoring service")
hb, err := monitor(port, init, c.Env, log)
if err != nil {
log.Error("error monitoring service", "err", err)
os.Exit(70)
}
hbs = append(hbs, hb)
}
exitCode := babySit(init, hbs)
log.Info("job exited", "status", exitCode)
init.mtx.Lock()
init.changeState(StateExited, "", exitCode)
init.mtx.Unlock() // Allow calls
log.Info("exiting")
init.exit(exitCode)
return nil
}
func (k *PosixKernel) Fchown(fd, uid, gid int) uint64 {
return Errno(syscall.Fchown(fd, uid, gid))
}
func setupPipes(container *configs.Config, processConfig *execdriver.ProcessConfig, p *libcontainer.Process, pipes *execdriver.Pipes) error {
rootuid, err := container.HostUID()
if err != nil {
return err
}
if processConfig.Tty {
cons, err := p.NewConsole(rootuid)
if err != nil {
return err
}
term, err := NewTtyConsole(cons, pipes)
if err != nil {
return err
}
processConfig.Terminal = term
return nil
}
// not a tty--set up stdio pipes
term := &execdriver.StdConsole{}
processConfig.Terminal = term
// if we are not in a user namespace, there is no reason to go through
// the hassle of setting up os-level pipes with proper (remapped) ownership
// so we will do the prior shortcut for non-userns containers
if rootuid == 0 {
p.Stdout = pipes.Stdout
p.Stderr = pipes.Stderr
r, w, err := os.Pipe()
if err != nil {
return err
}
if pipes.Stdin != nil {
go func() {
io.Copy(w, pipes.Stdin)
w.Close()
}()
p.Stdin = r
}
return nil
}
// if we have user namespaces enabled (rootuid != 0), we will set
// up os pipes for stderr, stdout, stdin so we can chown them to
// the proper ownership to allow for proper access to the underlying
// fds
var fds []int
//setup stdout
r, w, err := os.Pipe()
if err != nil {
return err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
if pipes.Stdout != nil {
go io.Copy(pipes.Stdout, r)
}
term.Closers = append(term.Closers, r)
p.Stdout = w
//setup stderr
r, w, err = os.Pipe()
if err != nil {
return err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
if pipes.Stderr != nil {
go io.Copy(pipes.Stderr, r)
}
term.Closers = append(term.Closers, r)
p.Stderr = w
//setup stdin
r, w, err = os.Pipe()
if err != nil {
return err
}
fds = append(fds, int(r.Fd()), int(w.Fd()))
if pipes.Stdin != nil {
go func() {
io.Copy(w, pipes.Stdin)
w.Close()
}()
p.Stdin = r
}
for _, fd := range fds {
if err := syscall.Fchown(fd, rootuid, rootuid); err != nil {
return fmt.Errorf("Failed to chown pipes fd: %v", err)
}
}
return nil
}
func (constor *Constor) SetAttr(input *fuse.SetAttrIn, out *fuse.AttrOut) fuse.Status {
var err error
uid := -1
gid := -1
inode := constor.inodemap.findInodePtr(input.NodeId)
if inode == nil {
constor.error("inode nil")
return fuse.EIO
}
constor.log("%s %d", inode.id, input.Valid)
// if ((input.Valid & fuse.FATTR_FH) !=0) && ((input.Valid & (fuse.FATTR_ATIME | fuse.FATTR_MTIME)) == 0) {
if ((input.Valid & fuse.FATTR_FH) != 0) && ((input.Valid & fuse.FATTR_SIZE) != 0) {
ptr := uintptr(input.Fh)
F := constor.getfd(ptr)
if F == nil {
constor.error("F == nil for %s", inode.id)
return fuse.EIO
}
if F.layer != 0 && inode.layer == -1 {
/* FIXME handle this valid case */
// file is in lower layer, opened, deleted, setattr-called
constor.error("FSetAttr F.layer=%d inode.layer=%d", F.layer, inode.layer)
return fuse.EIO
}
if F.layer != 0 && inode.layer != 0 {
err := constor.copyup(inode)
if err != nil {
constor.error("copyup failed for %s - %s", inode.id, err)
return fuse.ToStatus(err)
}
path := constor.getPath(0, inode.id)
syscall.Close(F.fd)
fd, err := syscall.Open(path, F.flags, 0)
if err != nil {
constor.error("open failed on %s - %s", path, err)
return fuse.ToStatus(err)
}
F.fd = fd
F.layer = 0
constor.log("reset fd for %s", path)
} else if F.layer != 0 && inode.layer == 0 {
// when some other process already has done a copyup
syscall.Close(F.fd)
path := constor.getPath(0, inode.id)
fd, err := syscall.Open(path, F.flags, 0)
if err != nil {
constor.error("open failed on %s - %s", path, err)
return fuse.ToStatus(err)
}
F.fd = fd
F.layer = 0
constor.log("reset fd for %s", path)
}
if F.layer != 0 {
constor.error("layer not 0")
return fuse.EIO
}
if input.Valid&fuse.FATTR_MODE != 0 {
permissions := uint32(07777) & input.Mode
err = syscall.Fchmod(F.fd, permissions)
if err != nil {
constor.error("Fchmod failed on %s - %d : %s", F.id, permissions, err)
return fuse.ToStatus(err)
}
}
if input.Valid&(fuse.FATTR_UID) != 0 {
uid = int(input.Uid)
}
if input.Valid&(fuse.FATTR_GID) != 0 {
gid = int(input.Gid)
}
if input.Valid&(fuse.FATTR_UID|fuse.FATTR_GID) != 0 {
err = syscall.Fchown(F.fd, uid, gid)
if err != nil {
constor.error("Fchown failed on %s - %d %d : %s", F.id, uid, gid, err)
return fuse.ToStatus(err)
}
}
if input.Valid&fuse.FATTR_SIZE != 0 {
err := syscall.Ftruncate(F.fd, int64(input.Size))
if err != nil {
constor.error("Ftruncate failed on %s - %d : %s", F.id, input.Size, err)
return fuse.ToStatus(err)
}
}
if input.Valid&(fuse.FATTR_ATIME|fuse.FATTR_MTIME|fuse.FATTR_ATIME_NOW|fuse.FATTR_MTIME_NOW) != 0 {
now := time.Now()
var tv []syscall.Timeval
tv = make([]syscall.Timeval, 2)
if input.Valid&fuse.FATTR_ATIME_NOW != 0 {
tv[0].Sec = now.Unix()
tv[0].Usec = now.UnixNano() / 1000
} else {
tv[0].Sec = int64(input.Atime)
tv[0].Usec = int64(input.Atimensec / 1000)
}
if input.Valid&fuse.FATTR_MTIME_NOW != 0 {
tv[1].Sec = now.Unix()
tv[1].Usec = now.UnixNano() / 1000
} else {
tv[1].Sec = int64(input.Atime)
tv[1].Usec = int64(input.Atimensec / 1000)
}
err := syscall.Futimes(F.fd, tv)
if err != nil {
constor.error("Futimes failed on %s : %s", F.id, err)
return fuse.ToStatus(err)
}
}
stat := syscall.Stat_t{}
err = syscall.Fstat(F.fd, &stat)
if err != nil {
constor.error("Fstat failed on %s : %s", F.id, err)
return fuse.ToStatus(err)
}
attr := (*fuse.Attr)(&out.Attr)
attr.FromStat(&stat)
attr.Ino = idtoino(inode.id)
return fuse.OK
}
if inode.layer == -1 {
return fuse.ENOENT
}
if inode.layer != 0 {
err = constor.copyup(inode)
if err != nil {
constor.error("copyup failed for %s - %s", inode.id, err)
return fuse.ToStatus(err)
}
}
stat := syscall.Stat_t{}
path := constor.getPath(0, inode.id)
// just to satisfy PJD tests
if input.Valid == 0 {
err = syscall.Lchown(path, uid, gid)
if err != nil {
return fuse.ToStatus(err)
}
}
if input.Valid&fuse.FATTR_MODE != 0 {
permissions := uint32(07777) & input.Mode
err = syscall.Chmod(path, permissions)
if err != nil {
constor.error("Lchmod failed on %s - %d : %s", path, permissions, err)
return fuse.ToStatus(err)
}
}
if input.Valid&(fuse.FATTR_UID) != 0 {
uid = int(input.Uid)
}
if input.Valid&(fuse.FATTR_GID) != 0 {
gid = int(input.Gid)
}
if input.Valid&(fuse.FATTR_UID|fuse.FATTR_GID) != 0 {
constor.log("%s %d %d", path, uid, gid)
err = syscall.Lchown(path, uid, gid)
if err != nil {
constor.error("Lchown failed on %s - %d %d : %s", path, uid, gid, err)
return fuse.ToStatus(err)
}
}
if input.Valid&fuse.FATTR_SIZE != 0 {
err = syscall.Truncate(path, int64(input.Size))
if err != nil {
constor.error("Truncate failed on %s - %d : %s", path, input.Size, err)
return fuse.ToStatus(err)
}
}
if input.Valid&(fuse.FATTR_ATIME|fuse.FATTR_MTIME|fuse.FATTR_ATIME_NOW|fuse.FATTR_MTIME_NOW) != 0 {
now := time.Now()
var atime *time.Time
var mtime *time.Time
if input.Valid&fuse.FATTR_ATIME_NOW != 0 {
atime = &now
} else {
t := time.Unix(int64(input.Atime), int64(input.Atimensec))
atime = &t
}
if input.Valid&fuse.FATTR_MTIME_NOW != 0 {
mtime = &now
} else {
t := time.Unix(int64(input.Mtime), int64(input.Mtimensec))
mtime = &t
}
fi, err := os.Lstat(path)
if err != nil {
return fuse.ToStatus(err)
}
if fi.Mode()&os.ModeSymlink != os.ModeSymlink {
// FIXME: there is no Lchtimes
err = os.Chtimes(path, *atime, *mtime)
if err != nil {
constor.error("Chtimes failed on %s : %s", path, err)
return fuse.ToStatus(err)
}
} else {
constor.error("Chtimes on Symlink not supported")
}
}
attr := (*fuse.Attr)(&out.Attr)
err = constor.Lstat(inode.layer, inode.id, &stat)
if err != nil {
constor.error("Lstat failed on %s : %s", inode.id, err)
return fuse.ToStatus(err)
}
attr.FromStat(&stat)
attr.Ino = stat.Ino
return fuse.ToStatus(err)
}