summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2020-03-25 15:23:48 -0700
committergVisor bot <gvisor-bot@google.com>2020-03-25 15:57:37 -0700
commitf2eba940159b4ed55359f99a3422ad899a8647ee (patch)
tree6f0b4e0808c6ae032daa0b88322f505303bb4121 /pkg/sentry
parente541ebec2fdb5b29209cb3fc8235b77edcaebb6a (diff)
Remove TODO to push down exec permission check
Pushing it down requires all implementation to check for exec individualy which is not maintanable. Making it part of GenericCheckPermissions add extra cost to everyone that calls it. So it's better to keep is in VirtualFilesystem.OpenAt. Updates #1193 PiperOrigin-RevId: 302982993
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/vfs/vfs.go2
1 files changed, 0 insertions, 2 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 2e2880171..03d1fb943 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -402,8 +402,6 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
if err == nil {
vfs.putResolvingPath(rp)
- // TODO(gvisor.dev/issue/1193): Move inside fsimpl to avoid another call
- // to FileDescription.Stat().
if opts.FileExec {
if fd.Mount().flags.NoExec {
fd.DecRef()