diff options
author | Fabricio Voznika <fvoznika@google.com> | 2020-03-25 15:23:48 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-03-25 15:57:37 -0700 |
commit | f2eba940159b4ed55359f99a3422ad899a8647ee (patch) | |
tree | 6f0b4e0808c6ae032daa0b88322f505303bb4121 /pkg/sentry | |
parent | e541ebec2fdb5b29209cb3fc8235b77edcaebb6a (diff) |
Remove TODO to push down exec permission check
Pushing it down requires all implementation to check for
exec individualy which is not maintanable. Making it part
of GenericCheckPermissions add extra cost to everyone that
calls it. So it's better to keep is in
VirtualFilesystem.OpenAt.
Updates #1193
PiperOrigin-RevId: 302982993
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/vfs/vfs.go | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go index 2e2880171..03d1fb943 100644 --- a/pkg/sentry/vfs/vfs.go +++ b/pkg/sentry/vfs/vfs.go @@ -402,8 +402,6 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential if err == nil { vfs.putResolvingPath(rp) - // TODO(gvisor.dev/issue/1193): Move inside fsimpl to avoid another call - // to FileDescription.Stat(). if opts.FileExec { if fd.Mount().flags.NoExec { fd.DecRef() |