Handle AT_SYMLINK_NOFOLLOW flag for execveat.

PiperOrigin-RevId: 276441249
author: Dean Deng <deandeng@google.com> 2019-10-24 01:44:03 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-10-24 01:45:25 -0700
commit: d9fd5363409facbc5cf04b85b3b0e7dade085dd9 (patch)
tree: c1deb0abdc6aae4ab44b9b5459eaa7a542b1d5b9 /pkg/sentry/syscalls/linux
parent: 7ca50236c42ad1b1aa19951815d03b62c0c722ed (diff)
2 files changed, 5 insertions, 7 deletions
diff --git a/pkg/sentry/syscalls/linux/linux64_amd64.go b/pkg/sentry/syscalls/linux/linux64_amd64.go
index 6d3801ad9..3021440ed 100644
--- a/pkg/sentry/syscalls/linux/linux64_amd64.go
+++ b/pkg/sentry/syscalls/linux/linux64_amd64.go
@@ -362,7 +362,7 @@ var AMD64 = &kernel.SyscallTable{
 		319: syscalls.Supported("memfd_create", MemfdCreate),
 		320: syscalls.CapError("kexec_file_load", linux.CAP_SYS_BOOT, "", nil),
 		321: syscalls.CapError("bpf", linux.CAP_SYS_ADMIN, "", nil),
-		322: syscalls.PartiallySupported("execveat", Execveat, "No support for AT_SYMLINK_FOLLOW.", nil),
+		322: syscalls.Supported("execveat", Execveat),
 		323: syscalls.ErrorWithEvent("userfaultfd", syserror.ENOSYS, "", []string{"gvisor.dev/issue/266"}), // TODO(b/118906345)
 		324: syscalls.ErrorWithEvent("membarrier", syserror.ENOSYS, "", []string{"gvisor.dev/issue/267"}),  // TODO(b/118904897)
 		325: syscalls.PartiallySupported("mlock2", Mlock2, "Stub implementation. The sandbox lacks appropriate permissions.", nil),
diff --git a/pkg/sentry/syscalls/linux/sys_thread.go b/pkg/sentry/syscalls/linux/sys_thread.go
index 7ece7ba6f..effe16186 100644
--- a/pkg/sentry/syscalls/linux/sys_thread.go
+++ b/pkg/sentry/syscalls/linux/sys_thread.go
@@ -105,16 +105,14 @@ func execveat(t *kernel.Task, dirFD int32, pathnameAddr, argvAddr, envvAddr user
 		}
 	}
 
-	if flags&linux.AT_SYMLINK_NOFOLLOW != 0 {
-		// TODO(b/128449944): Handle AT_SYMLINK_NOFOLLOW.
-		t.Kernel().EmitUnimplementedEvent(t)
-		return 0, nil, syserror.ENOSYS
+	if flags&^(linux.AT_EMPTY_PATH|linux.AT_SYMLINK_NOFOLLOW) != 0 {
+		return 0, nil, syserror.EINVAL
 	}
-
 	atEmptyPath := flags&linux.AT_EMPTY_PATH != 0
 	if !atEmptyPath && len(pathname) == 0 {
 		return 0, nil, syserror.ENOENT
 	}
+	resolveFinal := flags&linux.AT_SYMLINK_NOFOLLOW == 0
 
 	root := t.FSContext().RootDirectory()
 	defer root.DecRef()
@@ -150,7 +148,7 @@ func execveat(t *kernel.Task, dirFD int32, pathnameAddr, argvAddr, envvAddr user
 
 	// Load the new TaskContext.
 	maxTraversals := uint(linux.MaxSymlinkTraversals)
-	tc, se := t.Kernel().LoadTaskImage(t, t.MountNamespace(), root, wd, &maxTraversals, pathname, executable, argv, envv, t.Arch().FeatureSet())
+	tc, se := t.Kernel().LoadTaskImage(t, t.MountNamespace(), root, wd, &maxTraversals, pathname, executable, argv, envv, resolveFinal, t.Arch().FeatureSet())
 	if se != nil {
 		return 0, nil, se.ToError()
 	}
author	Dean Deng <deandeng@google.com>	2019-10-24 01:44:03 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-10-24 01:45:25 -0700
commit	d9fd5363409facbc5cf04b85b3b0e7dade085dd9 (patch)
tree	c1deb0abdc6aae4ab44b9b5459eaa7a542b1d5b9 /pkg/sentry/syscalls/linux
parent	7ca50236c42ad1b1aa19951815d03b62c0c722ed (diff)