Merge release-20210510.0-40-g25f0ab331 (automated)

author: gVisor bot <gvisor-bot@google.com> 2021-05-14 23:17:28 +0000
committer: gVisor bot <gvisor-bot@google.com> 2021-05-14 23:17:28 +0000
commit: a9fae2bee876ca5a57703417c45540ff9202d8b0 (patch)
tree: c16ef8115653b8676cf8460a40e7ffea77b5655f /pkg/sentry/fs/gofer
parent: 6df857e4b812257cbd7000d1f490943755c6614b (diff)
parent: 25f0ab3313c356fcfb9e4282eda3b2aa2278956d (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/sentry/fs/gofer/file.go b/pkg/sentry/fs/gofer/file.go
index 8f5a87120..bcdb2dda2 100644
--- a/pkg/sentry/fs/gofer/file.go
+++ b/pkg/sentry/fs/gofer/file.go
@@ -21,6 +21,7 @@ import (
 	"golang.org/x/sys/unix"
 	"gvisor.dev/gvisor/pkg/context"
 	"gvisor.dev/gvisor/pkg/log"
+	"gvisor.dev/gvisor/pkg/metric"
 	"gvisor.dev/gvisor/pkg/p9"
 	"gvisor.dev/gvisor/pkg/sentry/device"
 	"gvisor.dev/gvisor/pkg/sentry/fs"
@@ -92,6 +93,7 @@ func NewFile(ctx context.Context, dirent *fs.Dirent, name string, flags fs.FileF
 	if flags.Write {
 		if err := dirent.Inode.CheckPermission(ctx, fs.PermMask{Execute: true}); err == nil {
 			fsmetric.GoferOpensWX.Increment()
+			metric.SuspiciousOperationsMetric.Increment("opened_write_execute_file")
 			log.Warningf("Opened a writable executable: %q", name)
 		}
 	}
author	gVisor bot <gvisor-bot@google.com>	2021-05-14 23:17:28 +0000
committer	gVisor bot <gvisor-bot@google.com>	2021-05-14 23:17:28 +0000
commit	a9fae2bee876ca5a57703417c45540ff9202d8b0 (patch)
tree	c16ef8115653b8676cf8460a40e7ffea77b5655f /pkg/sentry/fs/gofer
parent	6df857e4b812257cbd7000d1f490943755c6614b (diff)
parent	25f0ab3313c356fcfb9e4282eda3b2aa2278956d (diff)