Merge release-20200219.0-37-g471b15b (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-02-25 21:40:09 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-02-25 21:40:09 +0000
commit: ed9085d4e5d4944ab662a58ee3a33d3b5210bd3e (patch)
tree: ae6b893d1b673b9020cf1cf3d66c5071e492d7fb /pkg/sentry/vfs/vfs.go
parent: a59ee560978159013ade1bfb878d39cf9c551476 (diff)
parent: 471b15b212831af31c2fe36cd42cea7ec7b7785b (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 8f29031b2..73f8043be 100755
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -385,15 +385,11 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 				// Only a regular file can be executed.
 				stat, err := fd.Stat(ctx, StatOptions{Mask: linux.STATX_TYPE})
 				if err != nil {
+					fd.DecRef()
 					return nil, err
 				}
-				if stat.Mask&linux.STATX_TYPE != 0 {
-					// This shouldn't happen, but if type can't be retrieved, file can't
-					// be executed.
-					return nil, syserror.EACCES
-				}
-				if t := linux.FileMode(stat.Mode).FileType(); t != linux.ModeRegular {
-					ctx.Infof("%q is not a regular file: %v", pop.Path, t)
+				if stat.Mask&linux.STATX_TYPE == 0 || stat.Mode&linux.S_IFMT != linux.S_IFREG {
+					fd.DecRef()
 					return nil, syserror.EACCES
 				}
 			}
author	gVisor bot <gvisor-bot@google.com>	2020-02-25 21:40:09 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-02-25 21:40:09 +0000
commit	ed9085d4e5d4944ab662a58ee3a33d3b5210bd3e (patch)
tree	ae6b893d1b673b9020cf1cf3d66c5071e492d7fb /pkg/sentry/vfs/vfs.go
parent	a59ee560978159013ade1bfb878d39cf9c551476 (diff)
parent	471b15b212831af31c2fe36cd42cea7ec7b7785b (diff)