author | gVisor bot <gvisor-bot@google.com> | 2019-07-12 16:19:23 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-07-12 16:19:23 +0000 |
commit | 715afd5da8c2d5aacd7ab64535b92dac1abc3f37 (patch) | |
tree | 432c7c1ada560a23f26de6e9b8beefdda97ccdcc /pkg/sentry/fs/mounts.go | |
parent | e3abe5ebdf5e0c98429faee7d57d126d452f7293 (diff) | |
parent | 69e0affaecda24b4d193e4592202b55b53afecc3 (diff) |
Merge 69e0affa (automated)
Diffstat (limited to 'pkg/sentry/fs/mounts.go')
-rw-r--r-- | pkg/sentry/fs/mounts.go | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/pkg/sentry/fs/mounts.go b/pkg/sentry/fs/mounts.go
index 281364dfc..693ffc760 100644
--- a/pkg/sentry/fs/mounts.go
+++ b/pkg/sentry/fs/mounts.go
@@ -181,12 +181,14 @@ func NewMountNamespace(ctx context.Context, root *Inode) (*MountNamespace, error
 d: newRootMount(1, d),
 }

- return &MountNamespace{
+ mns := MountNamespace{
 userns: creds.UserNamespace,
 root: d,
 mounts: mnts,
 mountID: 2,
- }, nil
+ }
+ mns.EnableLeakCheck("fs.MountNamespace")
+ return &mns, nil
 }

 // UserNamespace returns the user namespace associated with this mount manager.
@@ -661,6 +663,11 @@ func (mns *MountNamespace) ResolveExecutablePath(ctx context.Context, wd, name s
 }
 defer d.DecRef()

+ // Check that it is a regular file.
+ if !IsRegular(d.Inode.StableAttr) {
+ continue
+ }
+
 // Check whether we can read and execute the found file.
 if err := d.Inode.CheckPermission(ctx, PermMask{Read: true, Execute: true}); err != nil {
 log.Infof("Found executable at %q, but user cannot execute it: %v", binPath, err) |
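Review bot: The new `IsRegular` guard in ResolveExecutablePath skips a non-regular match silently, while the permission failure just below it logs, so a PATH entry shadowed by a same-named directory leaves no trace when resolution later fails or settles on a different binary. Consider a debug-level line such as `log.Debugf("Skipping %q: not a regular file", binPath)` before the `continue`, and widen the comment to give the reason: `// Directories and other non-regular files can carry the execute bit, so the permission check alone would accept them.` Whether a symlink to a regular file still resolves depends on the lookup above the hunk following the final path component, which is not visible here; a test for that case would pin the behaviour down. The loop body starts and ends outside the hunk.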