Merge branch 'master' into ipt-udp-matchers

author: Kevin Krakauer <krakauer@google.com> 2020-01-24 10:42:43 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-01-24 10:42:43 -0800
commit: 7636478a316692328097c9e70d38ff878539afb3 (patch)
tree: 637787744e7f6a10bb4a5acb926447d451cb500f /pkg/sentry/vfs/permissions.go
parent: b7853f688b4bcd3465c0c3087fcbd8d53bdf26ae (diff)
parent: 3db317390b5cc491d680fc4a5fc7b8372890b4da (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/pkg/sentry/vfs/permissions.go b/pkg/sentry/vfs/permissions.go
index d279d05ca..f664581f4 100644
--- a/pkg/sentry/vfs/permissions.go
+++ b/pkg/sentry/vfs/permissions.go
@@ -94,14 +94,13 @@ func GenericCheckPermissions(creds *auth.Credentials, ats AccessTypes, isDir boo
 // the set of accesses permitted for the opened file:
 //
 // - O_TRUNC causes MayWrite to be set in the returned AccessTypes (since it
-// mutates the file), but does not permit the opened to write to the file
+// mutates the file), but does not permit writing to the open file description
 // thereafter.
 //
 // - "Linux reserves the special, nonstandard access mode 3 (binary 11) in
 // flags to mean: check for read and write permission on the file and return a
 // file descriptor that can't be used for reading or writing." - open(2). Thus
-// AccessTypesForOpenFlags returns MayRead|MayWrite in this case, but
-// filesystems are responsible for ensuring that access is denied.
+// AccessTypesForOpenFlags returns MayRead|MayWrite in this case.
 //
 // Use May{Read,Write}FileWithOpenFlags() for these checks instead.
 func AccessTypesForOpenFlags(flags uint32) AccessTypes {
author	Kevin Krakauer <krakauer@google.com>	2020-01-24 10:42:43 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-01-24 10:42:43 -0800
commit	7636478a316692328097c9e70d38ff878539afb3 (patch)
tree	637787744e7f6a10bb4a5acb926447d451cb500f /pkg/sentry/vfs/permissions.go
parent	b7853f688b4bcd3465c0c3087fcbd8d53bdf26ae (diff)
parent	3db317390b5cc491d680fc4a5fc7b8372890b4da (diff)