vfs1: don't allow to open socket files

open() has to return ENXIO in this case. O_PATH isn't supported by vfs1. PiperOrigin-RevId: 348820478
author: Andrei Vagin <avagin@google.com> 2020-12-23 11:08:42 -0800
committer: gVisor bot <gvisor-bot@google.com> 2020-12-23 11:11:07 -0800
commit: d07915987631f4c3c6345275019a5b5b0cf28dbb (patch)
tree: e4fe185b9f066fbdc59581ae4f3c8b907807b2f2 /pkg/sentry/fs/gofer
parent: 6d96a2394d3a4b983b1fa046cf605e22404c4948 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go
index 9d6fdd08f..e840b6f5e 100644
--- a/pkg/sentry/fs/gofer/inode.go
+++ b/pkg/sentry/fs/gofer/inode.go
@@ -475,6 +475,9 @@ func (i *inodeOperations) Check(ctx context.Context, inode *fs.Inode, p fs.PermM
 func (i *inodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) {
 	switch d.Inode.StableAttr.Type {
 	case fs.Socket:
+		if i.session().overrides != nil {
+			return nil, syserror.ENXIO
+		}
 		return i.getFileSocket(ctx, d, flags)
 	case fs.Pipe:
 		return i.getFilePipe(ctx, d, flags)
author	Andrei Vagin <avagin@google.com>	2020-12-23 11:08:42 -0800
committer	gVisor bot <gvisor-bot@google.com>	2020-12-23 11:11:07 -0800
commit	d07915987631f4c3c6345275019a5b5b0cf28dbb (patch)
tree	e4fe185b9f066fbdc59581ae4f3c8b907807b2f2 /pkg/sentry/fs/gofer
parent	6d96a2394d3a4b983b1fa046cf605e22404c4948 (diff)