Merge branch 'master' into iptables

author: nybidari <59618317+nybidari@users.noreply.github.com> 2020-02-25 15:33:59 -0800
committer: GitHub <noreply@github.com> 2020-02-25 15:33:59 -0800
commit: 818abc2bd5096bf7dc6f621cfd2923bee4e0fc7b (patch)
tree: 0f7f90cecb6afc332a3229651eba4da391a46b41 /pkg/sentry/vfs/vfs.go
parent: acc405ba60834f5dce9ce04cd762d5cda02224cb (diff)
parent: 72e3f3a3eef3a1dc02db0ff71f98a5d7fe89a6e3 (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 8f29031b2..73f8043be 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -385,15 +385,11 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 				// Only a regular file can be executed.
 				stat, err := fd.Stat(ctx, StatOptions{Mask: linux.STATX_TYPE})
 				if err != nil {
+					fd.DecRef()
 					return nil, err
 				}
-				if stat.Mask&linux.STATX_TYPE != 0 {
-					// This shouldn't happen, but if type can't be retrieved, file can't
-					// be executed.
-					return nil, syserror.EACCES
-				}
-				if t := linux.FileMode(stat.Mode).FileType(); t != linux.ModeRegular {
-					ctx.Infof("%q is not a regular file: %v", pop.Path, t)
+				if stat.Mask&linux.STATX_TYPE == 0 || stat.Mode&linux.S_IFMT != linux.S_IFREG {
+					fd.DecRef()
 					return nil, syserror.EACCES
 				}
 			}
author	nybidari <59618317+nybidari@users.noreply.github.com>	2020-02-25 15:33:59 -0800
committer	GitHub <noreply@github.com>	2020-02-25 15:33:59 -0800
commit	818abc2bd5096bf7dc6f621cfd2923bee4e0fc7b (patch)
tree	0f7f90cecb6afc332a3229651eba4da391a46b41 /pkg/sentry/vfs/vfs.go
parent	acc405ba60834f5dce9ce04cd762d5cda02224cb (diff)
parent	72e3f3a3eef3a1dc02db0ff71f98a5d7fe89a6e3 (diff)