Merge release-20200211.0-15-ga6024f7 (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-02-14 02:01:38 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-02-14 02:01:38 +0000
commit: 21ccea6ecc8a88a8ace0875f83633a7ccdacd8bc (patch)
tree: 54afd8bbd7e80a9c92730ae36a74d85238d0ab47 /pkg/sentry/vfs/permissions.go
parent: b692574b021c301ee94f55537f9b3ee51485d55f (diff)
parent: a6024f7f5f6f438c11e30be0f93657b1956fd5ba (diff)
1 files changed, 12 insertions, 7 deletions
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go
index f664581f4..8e250998a 100755
--- a/pkg/sentry/vfs/permissions.go
+++ b/pkg/sentry/vfs/permissions.go
@@ -103,17 +103,22 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, isDir boo
 // AccessTypesForOpenFlags returns MayRead|MayWrite in this case.
 //
 // Use May{Read,Write}FileWithOpenFlags() for these checks instead.
-func AccessTypesForOpenFlags(flags uint32) AccessTypes {
-	switch flags & linux.O_ACCMODE {
+func AccessTypesForOpenFlags(opts *OpenOptions) AccessTypes {
+	ats := AccessTypes(0)
+	if opts.FileExec {
+		ats |= MayExec
+	}
+
+	switch opts.Flags & linux.O_ACCMODE {
 	case linux.O_RDONLY:
-		if flags&linux.O_TRUNC != 0 {
-			return MayRead | MayWrite
+		if opts.Flags&linux.O_TRUNC != 0 {
+			return ats | MayRead | MayWrite
 		}
-		return MayRead
+		return ats | MayRead
 	case linux.O_WRONLY:
-		return MayWrite
+		return ats | MayWrite
 	default:
-		return MayRead | MayWrite
+		return ats | MayRead | MayWrite
 	}
 }
author	gVisor bot <gvisor-bot@google.com>	2020-02-14 02:01:38 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-02-14 02:01:38 +0000
commit	21ccea6ecc8a88a8ace0875f83633a7ccdacd8bc (patch)
tree	54afd8bbd7e80a9c92730ae36a74d85238d0ab47 /pkg/sentry/vfs/permissions.go
parent	b692574b021c301ee94f55537f9b3ee51485d55f (diff)
parent	a6024f7f5f6f438c11e30be0f93657b1956fd5ba (diff)