kernel: Honor the sticky bit

kernel/src/fs/VFS.cpp

@@ -168,6 +168,11 @@ namespace VFS
         return inode->mode() & S_ISGID;
     }
 
+    bool is_sticky(SharedPtr<Inode> inode)
+    {
+        return inode->mode() & S_ISVTX;
+    }
+
     bool is_seekable(SharedPtr<Inode> inode)
     {
         return inode->type() != InodeType::FIFO && inode->type() != InodeType::CharacterDevice;

kernel/src/fs/VFS.h

@@ -290,6 +290,7 @@ namespace VFS
     bool can_write(SharedPtr<Inode> inode, Credentials auth);
     bool is_setuid(SharedPtr<Inode> inode);
     bool is_setgid(SharedPtr<Inode> inode);
+    bool is_sticky(SharedPtr<Inode> inode);
 
     bool is_seekable(SharedPtr<Inode> inode);
 

kernel/src/sys/link.cpp

@@ -25,11 +25,12 @@ Result<u64> sys_unlinkat(Registers*, SyscallArgs args)
     auto inode = TRY(current->resolve_atfile(dirfd, dirname, false, false));
     if (!VFS::can_write(inode, current->auth)) return err(EACCES);
 
-    if (flags > 0)
+    auto child = TRY(inode->find(basename.chars()));
-    {
+    if (flags == AT_REMOVEDIR && child->type() != VFS::InodeType::Directory) return err(ENOTDIR);
-        auto child = TRY(inode->find(basename.chars()));
+
-        if (child->type() != VFS::InodeType::Directory) return err(ENOTDIR);
+    if (current->auth.euid != 0 && VFS::is_sticky(inode) && current->auth.euid != inode->uid() &&
-    }
+        current->auth.euid != child->uid())
+        return err(EACCES);
 
     TRY(inode->remove_entry(basename.chars()));