summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/syscalls/linux/sys_file.go
diff options
context:
space:
mode:
authorBrian Geffon <bgeffon@google.com>2018-09-05 09:20:18 -0700
committerShentubot <shentubot@google.com>2018-09-05 09:21:28 -0700
commit2b8dae0bc5594f7088dd028268efaedbb5a72507 (patch)
tree3ff989754a41396f2938786f8dac20f64c62d426 /pkg/sentry/syscalls/linux/sys_file.go
parent0a9a40abcda602dc3403e2108e1348bf4e04051a (diff)
Open(2) isn't honoring O_NOFOLLOW
PiperOrigin-RevId: 211644897 Change-Id: I882ed827a477d6c03576463ca5bf2d6351892b90
Diffstat (limited to 'pkg/sentry/syscalls/linux/sys_file.go')
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 2cf429f5c..3e28d4b8a 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -136,7 +136,8 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u
return 0, err
}
- err = fileOpOn(t, dirFD, path, true /* resolve */, func(root *fs.Dirent, d *fs.Dirent) error {
+ resolve := flags&linux.O_NOFOLLOW == 0
+ err = fileOpOn(t, dirFD, path, resolve, func(root *fs.Dirent, d *fs.Dirent) error {
// First check a few things about the filesystem before trying to get the file
// reference.
//
@@ -147,6 +148,10 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u
return err
}
+ if fs.IsSymlink(d.Inode.StableAttr) && !resolve {
+ return syserror.ELOOP
+ }
+
fileFlags := linuxToFlags(flags)
// Linux always adds the O_LARGEFILE flag when running in 64-bit mode.
fileFlags.LargeFile = true