gvisor: Add support for the MS_NOEXEC mount option

https://github.com/google/gvisor/issues/145 PiperOrigin-RevId: 242044115 Change-Id: I8f140fe05e32ecd438b6be218e224e4b7fe05878
author: Andrei Vagin <avagin@google.com> 2019-04-04 17:42:51 -0700
committer: Shentubot <shentubot@google.com> 2019-04-04 17:43:53 -0700
commit: 88409e983c463b6d9c8085e7fdbe7ff45b3c5184 (patch)
tree: f5ba3e9b1c67a7641a8d4d7c4106bd5bc5c2dcf1 /pkg/sentry/fs/filesystems.go
parent: 75a5ccf5d98876c26305da0feff20e4a148027ec (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/sentry/fs/filesystems.go b/pkg/sentry/fs/filesystems.go
index aa664b973..a6b27c402 100644
--- a/pkg/sentry/fs/filesystems.go
+++ b/pkg/sentry/fs/filesystems.go
@@ -140,6 +140,10 @@ type MountSourceFlags struct {
 	// cache, even when the platform supports direct mapped I/O. This
 	// doesn't correspond to any Linux mount options.
 	ForcePageCache bool
+
+	// NoExec corresponds to mount(2)'s "MS_NOEXEC" and indicates that
+	// binaries from this file system can't be executed.
+	NoExec bool
 }
 
 // GenericMountSourceOptions splits a string containing comma separated tokens of the
author	Andrei Vagin <avagin@google.com>	2019-04-04 17:42:51 -0700
committer	Shentubot <shentubot@google.com>	2019-04-04 17:43:53 -0700
commit	88409e983c463b6d9c8085e7fdbe7ff45b3c5184 (patch)
tree	f5ba3e9b1c67a7641a8d4d7c4106bd5bc5c2dcf1 /pkg/sentry/fs/filesystems.go
parent	75a5ccf5d98876c26305da0feff20e4a148027ec (diff)