mirror of
https://github.com/microsoft/WSL.git
synced 2026-06-01 01:02:31 -05:00
10a2c551c5
HCS fails with E_ACCESSDENIED when starting a VM whose user-supplied kernelModules or systemDistro VHDs live somewhere VMWP cannot read (e.g. under the user profile). Eagerly call HcsGrantVmAccess on those paths while impersonating the user, before the VM is started. The grant is best-effort: it requires WRITE_DAC on the file (typically via ownership), which the impersonated user may lack for VHDs they only have READ access to (e.g. SYSTEM-owned VHDs reachable via inherited folder ACLs). Failures are logged via CATCH_LOG; if VMWP truly cannot read the VHD, StartComputeSystem will still surface a clear E_ACCESSDENIED. Adds two regression tests: - CustomVhdsInUserProfile: VHDs under %TEMP%, exercises the grant path. - CustomVhdsAccessibleViaInheritedAcls: VHDs in the install dir launched as a non-elevated user, exercises the swallowed-grant-failure path. Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Ben Hillis <benhill@ntdev.microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>