author | gVisor bot <gvisor-bot@google.com> | 2021-02-11 17:09:49 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-11 17:12:23 -0800 |
commit | 4314bb0b2b96cc3a84e8dead29812ccb1bfcebe2 (patch) | |
tree | 87a64c02d827ab777be01dd9fe67604c2030a5da /pkg/sentry/vfs | |
parent | c39284f457383dabd52f468a10072ca6d2211cbb (diff) |
Internal change.
PiperOrigin-RevId: 357090170
Diffstat (limited to 'pkg/sentry/vfs')
-rw-r--r-- | pkg/sentry/vfs/vfs.go | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 0aff2dd92..b0e13cdab 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -425,7 +425,9 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 rp.mustBeDir = true
 rp.mustBeDirOrig = true
 }
- if opts.Flags&linux.O_PATH != 0 {
+ // Ignore O_PATH for verity, as verity performs extra operations on the fd for verification.
+ // The underlying filesystem that verity wraps opens the fd with O_PATH.
+ if opts.Flags&linux.O_PATH != 0 && rp.mount.fs.FilesystemType().Name() != "verity" {
 vd, err := vfs.GetDentryAt(ctx, creds, pop, &GetDentryOptions{})
 if err != nil {
 return nil, err |
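Review bot: The added condition reads `rp.mount` before `vfs.GetDentryAt` has resolved `pop`, so it appears to test the filesystem of the starting mount rather than the one the path finally lands on; a path that starts elsewhere and crosses into a verity mount would still take the generic O_PATH branch, and the reverse case would skip it. `rp` is initialised outside this hunk, so that reading needs confirming against its construction. When the branch is skipped, nothing visible here clears O_PATH from `opts.Flags`, so the restricted-descriptor guarantees then rest entirely on verity's own open path; the comment should say so, e.g. `// verity's OpenAt is responsible for enforcing O_PATH restrictions on the returned fd.` Matching on the string literal `"verity"` in the generic VFS layer is also fragile, and a named constant or a per-filesystem opt-in would keep a rename from silently changing which branch runs. OpenAt's body continues outside the hunk.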