Merge release-20200413.0-18-gce19497 (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-04-29 03:17:56 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-04-29 03:17:56 +0000
commit: 633d413b30734e629996821342b81d4e67e0cb22 (patch)
tree: 2def7c27594dc8721649b86df5a9b9e856fbfe47 /pkg/sentry/socket/unix/unix.go
parent: b11d270c40b190c6aef7396d0e5f0941d123a345 (diff)
parent: ce19497c1c0829af6ba56f0cc68e3a4cb33cf1c8 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index ddd0eda4b..5b29e9d7f 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -323,7 +323,10 @@ func (s *SocketOperations) Bind(t *kernel.Task, sockaddr []byte) *syserr.Error {
 
 			// Create the socket.
 			//
-			// TODO(gvisor.dev/issue/2324): Correctly set file permissions.
+			// Note that the file permissions here are not set correctly (see
+			// gvisor.dev/issue/2324). There is no convenient way to get permissions
+			// on the socket referred to by s, so we will leave this discrepancy
+			// unresolved until VFS2 replaces this code.
 			childDir, err := d.Bind(t, t.FSContext().RootDirectory(), name, bep, fs.FilePermissions{User: fs.PermMask{Read: true}})
 			if err != nil {
 				return syserr.ErrPortInUse
author	gVisor bot <gvisor-bot@google.com>	2020-04-29 03:17:56 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-04-29 03:17:56 +0000
commit	633d413b30734e629996821342b81d4e67e0cb22 (patch)
tree	2def7c27594dc8721649b86df5a9b9e856fbfe47 /pkg/sentry/socket/unix/unix.go
parent	b11d270c40b190c6aef7396d0e5f0941d123a345 (diff)
parent	ce19497c1c0829af6ba56f0cc68e3a4cb33cf1c8 (diff)