overlayfs: Clear RENAME_NOREPLACE before calling into layers.

ayushr2 · gvisor-bot · commit cab42c621689 · 2025-06-10T16:28:57.000-07:00
This is consistent with what Linux does; see fs/overlayfs/dir.c:ovl_rename(). Fixes #11794 PiperOrigin-RevId: 769849304
diff --git a/pkg/sentry/fsimpl/overlay/filesystem.go b/pkg/sentry/fsimpl/overlay/filesystem.go
@@ -1267,6 +1267,10 @@ func (fs *filesystem) RenameAt(ctx context.Context, rp *vfs.ResolvingPath, oldPa
 		}
 	}
 
+	// Clear the RENAME_NOREPLACE flag. We already verified above that replaced
+	// is nil if this flag is set. Other filesystem implementations are not aware
+	// of whiteouts and may fail with EEXIST if a whiteout exists at newName.
+	opts.Flags &^= linux.RENAME_NOREPLACE
 	// Essentially no gVisor filesystem supports RENAME_WHITEOUT, so just do a
 	// regular rename and create the whiteout at the origin manually. Unlike
 	// RENAME_WHITEOUT, this isn't atomic with respect to other users of the
diff --git a/test/syscalls/linux/rename.cc b/test/syscalls/linux/rename.cc
@@ -464,25 +464,6 @@ TEST(RenameTest, SysfsDirectoryToSelf) {
   EXPECT_THAT(rename(path.c_str(), path.c_str()), SyscallSucceeds());
 }
 
-#ifndef SYS_renameat2
-#if defined(__x86_64__)
-#define SYS_renameat2 316
-#elif defined(__aarch64__)
-#define SYS_renameat2 276
-#else
-#error "Unknown architecture"
-#endif
-#endif  // SYS_renameat2
-
-#ifndef RENAME_NOREPLACE
-#define RENAME_NOREPLACE (1 << 0)
-#endif  // RENAME_NOREPLACE
-
-int renameat2(int olddirfd, const char* oldpath, int newdirfd,
-              const char* newpath, unsigned int flags) {
-  return syscall(SYS_renameat2, olddirfd, oldpath, newdirfd, newpath, flags);
-}
-
 TEST(Renameat2Test, NoReplaceSuccess) {
   auto f = ASSERT_NO_ERRNO_AND_VALUE(TempPath::CreateFile());
   std::string const newpath = NewTempAbsPath();
diff --git a/test/util/fs_util.cc b/test/util/fs_util.cc
@@ -737,5 +737,10 @@ ::testing::Matcher<mode_t> PermissionIs(mode_t want) {
   return MakeMatcher(new ModePermissionMatcher(want));
 }
 
+int renameat2(int olddirfd, const char* oldpath, int newdirfd,
+              const char* newpath, unsigned int flags) {
+  return syscall(SYS_renameat2, olddirfd, oldpath, newdirfd, newpath, flags);
+}
+
 }  // namespace testing
 }  // namespace gvisor
diff --git a/test/util/fs_util.h b/test/util/fs_util.h
@@ -43,6 +43,23 @@ constexpr int kOLargeFile = 00400000;
 // build environments.
 #define OVERLAYFS_SUPER_MAGIC 0x794c7630
 
+#ifndef SYS_renameat2
+#if defined(__x86_64__)
+#define SYS_renameat2 316
+#elif defined(__aarch64__)
+#define SYS_renameat2 276
+#else
+#error "Unknown architecture"
+#endif
+#endif  // SYS_renameat2
+
+#ifndef RENAME_NOREPLACE
+#define RENAME_NOREPLACE (1 << 0)
+#endif  // RENAME_NOREPLACE
+
+int renameat2(int olddirfd, const char* oldpath, int newdirfd,
+              const char* newpath, unsigned int flags);
+
 // Returns a status or the current working directory.
 PosixErrorOr<std::string> GetCWD();
 

Original file line number	Diff line number	Diff line change
`@@ -1267,6 +1267,10 @@ func (fs filesystem) RenameAt(ctx context.Context, rp vfs.ResolvingPath, oldPa`
`1267`	`1267`	`}`
`1268`	`1268`	`}`
`1269`	`1269`
	`1270`	`+ // Clear the RENAME_NOREPLACE flag. We already verified above that replaced`
	`1271`	`+ // is nil if this flag is set. Other filesystem implementations are not aware`
	`1272`	`+ // of whiteouts and may fail with EEXIST if a whiteout exists at newName.`
	`1273`	`+ opts.Flags &^= linux.RENAME_NOREPLACE`
`1270`	`1274`	`// Essentially no gVisor filesystem supports RENAME_WHITEOUT, so just do a`
`1271`	`1275`	`// regular rename and create the whiteout at the origin manually. Unlike`
`1272`	`1276`	`// RENAME_WHITEOUT, this isn't atomic with respect to other users of the`