Include AT_SECURE in the aux vector

gVisor does not currently implement the functionality that would result in AT_SECURE = 1, but Linux includes AT_SECURE = 0 in the normal case, so we should do the same. PiperOrigin-RevId: 272311488
author: Michael Pratt <mpratt@google.com> 2019-10-01 15:41:32 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-10-01 15:43:14 -0700
commit: 0d483985c57a2d001039d17bd198e2eca0f4ff7f (patch)
tree: a8c33c51abfa639ce9522387b3b6fe84885c92d7 /pkg/sentry/kernel/task_identity.go
parent: 739f53fc17e3e3ed82dc2bc920f49fa91738a437 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/pkg/sentry/kernel/task_identity.go b/pkg/sentry/kernel/task_identity.go
index 78ff14b20..ce3e6ef28 100644
--- a/pkg/sentry/kernel/task_identity.go
+++ b/pkg/sentry/kernel/task_identity.go
@@ -465,8 +465,8 @@ func (t *Task) SetKeepCaps(k bool) {
 // disables the features we don't support anyway, is always set. This
 // drastically simplifies this function.
 //
-// - We don't implement AT_SECURE, because no_new_privs always being set means
-// that the conditions that require AT_SECURE never arise. (Compare Linux's
+// - We don't set AT_SECURE = 1, because no_new_privs always being set means
+// that the conditions that require AT_SECURE = 1 never arise. (Compare Linux's
 // security/commoncap.c:cap_bprm_set_creds() and cap_bprm_secureexec().)
 //
 // - We don't check for CAP_SYS_ADMIN in prctl(PR_SET_SECCOMP), since
author	Michael Pratt <mpratt@google.com>	2019-10-01 15:41:32 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-10-01 15:43:14 -0700
commit	0d483985c57a2d001039d17bd198e2eca0f4ff7f (patch)
tree	a8c33c51abfa639ce9522387b3b6fe84885c92d7 /pkg/sentry/kernel/task_identity.go
parent	739f53fc17e3e3ed82dc2bc920f49fa91738a437 (diff)