Merge release-20190806.1-333-g29273b0 (automated)

author: gVisor bot <gvisor-bot@google.com> 2019-10-29 17:08:27 +0000
committer: gVisor bot <gvisor-bot@google.com> 2019-10-29 17:08:27 +0000
commit: 21b7f3a5ef12bafd79dd0aee148564871a70e04d (patch)
tree: d32f24e5265f68337ffb9e00e708858c51a62f80 /pkg/sentry/loader
parent: 45341f99c3448fdda550260dd025975cae150e79 (diff)
parent: 29273b03842a85bce8314799348231520ceb6e9c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/pkg/sentry/loader/loader.go b/pkg/sentry/loader/loader.go
index 818941762..f75ebe08a 100644
--- a/pkg/sentry/loader/loader.go
+++ b/pkg/sentry/loader/loader.go
@@ -66,6 +66,12 @@ type LoadArgs struct {
 	// nil, then File will be loaded and Filename will be ignored.
 	File *fs.File
 
+	// CloseOnExec indicates that the executable (or one of its parent
+	// directories) was opened with O_CLOEXEC. If the executable is an
+	// interpreter script, then cause an ENOENT error to occur, since the
+	// script would otherwise be inaccessible to the interpreter.
+	CloseOnExec bool
+
 	// Argv is the vector of arguments to pass to the executable.
 	Argv []string
 
@@ -279,6 +285,9 @@ func loadExecutable(ctx context.Context, args LoadArgs) (loadedELF, arch.Context
 			d.IncRef()
 			return loaded, ac, d, args.Argv, err
 		case bytes.Equal(hdr[:2], []byte(interpreterScriptMagic)):
+			if args.CloseOnExec {
+				return loadedELF{}, nil, nil, nil, syserror.ENOENT
+			}
 			args.Filename, args.Argv, err = parseInterpreterScript(ctx, args.Filename, args.File, args.Argv)
 			if err != nil {
 				ctx.Infof("Error loading interpreter script: %v", err)
author	gVisor bot <gvisor-bot@google.com>	2019-10-29 17:08:27 +0000
committer	gVisor bot <gvisor-bot@google.com>	2019-10-29 17:08:27 +0000
commit	21b7f3a5ef12bafd79dd0aee148564871a70e04d (patch)
tree	d32f24e5265f68337ffb9e00e708858c51a62f80 /pkg/sentry/loader
parent	45341f99c3448fdda550260dd025975cae150e79 (diff)
parent	29273b03842a85bce8314799348231520ceb6e9c (diff)