Merge release-20200219.0-161-g8f8f16e (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-03-13 16:02:07 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-03-13 16:02:07 +0000
commit: bc50e54cd6edc4d0c398ff7202c28d05a250edf6 (patch)
tree: 97805c6a1510589a12a26c794d6543155017f01f /pkg/sentry/vfs/vfs.go
parent: 37e789e87f644506503548b039ffbd6c8b52d2cf (diff)
parent: 8f8f16efafd48da3c5e4db329a90bb76620b2324 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index bde81e1ef..365e8b30d 100755
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -388,6 +388,11 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 			// TODO(gvisor.dev/issue/1193): Move inside fsimpl to avoid another call
 			// to FileDescription.Stat().
 			if opts.FileExec {
+				if fd.Mount().flags.NoExec {
+					fd.DecRef()
+					return nil, syserror.EACCES
+				}
+
 				// Only a regular file can be executed.
 				stat, err := fd.Stat(ctx, StatOptions{Mask: linux.STATX_TYPE})
 				if err != nil {
author	gVisor bot <gvisor-bot@google.com>	2020-03-13 16:02:07 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-03-13 16:02:07 +0000
commit	bc50e54cd6edc4d0c398ff7202c28d05a250edf6 (patch)
tree	97805c6a1510589a12a26c794d6543155017f01f /pkg/sentry/vfs/vfs.go
parent	37e789e87f644506503548b039ffbd6c8b52d2cf (diff)
parent	8f8f16efafd48da3c5e4db329a90bb76620b2324 (diff)