authorgVisor bot <gvisor-bot@google.com>2020-02-13 17:56:34 -0800
committergVisor bot <gvisor-bot@google.com>2020-02-13 17:57:36 -0800
commita6024f7f5f6f438c11e30be0f93657b1956fd5ba (patch)
treea18288d9dec9d08a934d52570ebf6694f7ea1c0c /pkg/sentry/vfs/vfs.go
parent336f758d59a8a0411c745d744a1e5c3294eaf78a (diff)
Add FileExec flag to OpenOptions
This allows callers to say whether the file is being opened to be executed, so that the proper checks can be done from FilesystemImpl.OpenAt(). Updates #1623 PiperOrigin-RevId: 295042595
Diffstat (limited to 'pkg/sentry/vfs/vfs.go')
-rw-r--r--pkg/sentry/vfs/vfs.go19
1 files changed, 19 insertions, 0 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 908c69f91..9629afee9 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -379,6 +379,25 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
fd, err := rp.mount.fs.impl.OpenAt(ctx, rp, *opts)
if err == nil {
vfs.putResolvingPath(rp)
+
+ // TODO(gvisor.dev/issue/1193): Move inside fsimpl to avoid another call
+ // to FileDescription.Stat().
+ if opts.FileExec {
+ // Only a regular file can be executed.
+ stat, err := fd.Stat(ctx, StatOptions{Mask: linux.STATX_TYPE})
+ if err != nil {
+ return nil, err
+ }
+ if stat.Mask&linux.STATX_TYPE != 0 {
+ // This shouldn't happen, but if type can't be retrieved, file can't
+ // be executed.
+ return nil, syserror.EACCES
+ }
+ if linux.FileMode(stat.Mode).FileType() != linux.ModeRegular {
+ return nil, syserror.EACCES
+ }
+ }
+
return fd, nil
}
if !rp.handleError(err) {
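Review bot: The mask test `if stat.Mask&linux.STATX_TYPE != 0` contradicts its own comment: it returns EACCES when the type bit is set, that is, when Stat did report the file type. As written, the regular-file comparison below it is only reached when the type was not returned, so FileExec opens of regular files appear to be denied as well; the line should read `if stat.Mask&linux.STATX_TYPE == 0 {`. Separately, the three early returns in the added block discard `fd` after impl.OpenAt has already succeeded, so a rejected exec open leaks the file description's reference; release it before each `return nil, ...` (presumably `fd.DecRef()`, to be confirmed against FileDescription's API at this revision). OpenAt's body begins and continues outside this hunk, so how callers handle the nil fd is not visible here.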