Merge 69e0affa (automated)

author: gVisor bot <gvisor-bot@google.com> 2019-07-12 16:19:23 +0000
committer: gVisor bot <gvisor-bot@google.com> 2019-07-12 16:19:23 +0000
commit: 715afd5da8c2d5aacd7ab64535b92dac1abc3f37 (patch)
tree: 432c7c1ada560a23f26de6e9b8beefdda97ccdcc /pkg/sentry/fs/inode_overlay.go
parent: e3abe5ebdf5e0c98429faee7d57d126d452f7293 (diff)
parent: 69e0affaecda24b4d193e4592202b55b53afecc3 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkg/sentry/fs/inode_overlay.go b/pkg/sentry/fs/inode_overlay.go
index b247fa514..24b769cfc 100644
--- a/pkg/sentry/fs/inode_overlay.go
+++ b/pkg/sentry/fs/inode_overlay.go
@@ -567,6 +567,12 @@ func overlayCheck(ctx context.Context, o *overlayEntry, p PermMask) error {
 	if o.upper != nil {
 		err = o.upper.check(ctx, p)
 	} else {
+		if p.Write {
+			// Since writes will be redirected to the upper filesystem, the lower
+			// filesystem need not be writable, but must be readable for copy-up.
+			p.Write = false
+			p.Read = true
+		}
 		err = o.lower.check(ctx, p)
 	}
 	o.copyMu.RUnlock()
author	gVisor bot <gvisor-bot@google.com>	2019-07-12 16:19:23 +0000
committer	gVisor bot <gvisor-bot@google.com>	2019-07-12 16:19:23 +0000
commit	715afd5da8c2d5aacd7ab64535b92dac1abc3f37 (patch)
tree	432c7c1ada560a23f26de6e9b8beefdda97ccdcc /pkg/sentry/fs/inode_overlay.go
parent	e3abe5ebdf5e0c98429faee7d57d126d452f7293 (diff)
parent	69e0affaecda24b4d193e4592202b55b53afecc3 (diff)