Don't try to execute a file that is not regular.

PiperOrigin-RevId: 257037608
author: Nicolas Lacasse <nlacasse@google.com> 2019-07-08 12:55:37 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-07-08 12:56:48 -0700
commit: 659bebab8e83ec9b5f6fef26ca27048af526ee40 (patch)
tree: 1a0f387a7892618dc0ed0d91e6953e9b60e9b90c /pkg/sentry/fs/mounts.go
parent: 8f9b1ca8e7066df529b89422937e3212bf761262 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go
index ce7ffeed2..693ffc760 100644
--- a/pkg/sentry/fs/mounts.go
+++ b/pkg/sentry/fs/mounts.go
@@ -663,6 +663,11 @@ func (mns *MountNamespace) ResolveExecutablePath(ctx context.Context, wd, name s
 		}
 		defer d.DecRef()
 
+		// Check that it is a regular file.
+		if !IsRegular(d.Inode.StableAttr) {
+			continue
+		}
+
 		// Check whether we can read and execute the found file.
 		if err := d.Inode.CheckPermission(ctx, PermMask{Read: true, Execute: true}); err != nil {
 			log.Infof("Found executable at %q, but user cannot execute it: %v", binPath, err)
author	Nicolas Lacasse <nlacasse@google.com>	2019-07-08 12:55:37 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-07-08 12:56:48 -0700
commit	659bebab8e83ec9b5f6fef26ca27048af526ee40 (patch)
tree	1a0f387a7892618dc0ed0d91e6953e9b60e9b90c /pkg/sentry/fs/mounts.go
parent	8f9b1ca8e7066df529b89422937e3212bf761262 (diff)