Merge release-20210201.0-90-g4314bb0b2 (automated)

author: gVisor bot <gvisor-bot@google.com> 2021-02-12 01:18:38 +0000
committer: gVisor bot <gvisor-bot@google.com> 2021-02-12 01:18:38 +0000
commit: 660aa59a851a15efc127fb55135eeb2bd63a4981 (patch)
tree: 82a93f581555d8900be4b76bac243d3da0200472 /pkg/sentry
parent: 2cb6129a78c570821ab7ecee012ba8862dfa7e96 (diff)
parent: 4314bb0b2b96cc3a84e8dead29812ccb1bfcebe2 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 0aff2dd92..b0e13cdab 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -425,7 +425,9 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 		rp.mustBeDir = true
 		rp.mustBeDirOrig = true
 	}
-	if opts.Flags&linux.O_PATH != 0 {
+	// Ignore O_PATH for verity, as verity performs extra operations on the fd for verification.
+	// The underlying filesystem that verity wraps opens the fd with O_PATH.
+	if opts.Flags&linux.O_PATH != 0 && rp.mount.fs.FilesystemType().Name() != "verity" {
 		vd, err := vfs.GetDentryAt(ctx, creds, pop, &GetDentryOptions{})
 		if err != nil {
 			return nil, err
author	gVisor bot <gvisor-bot@google.com>	2021-02-12 01:18:38 +0000
committer	gVisor bot <gvisor-bot@google.com>	2021-02-12 01:18:38 +0000
commit	660aa59a851a15efc127fb55135eeb2bd63a4981 (patch)
tree	82a93f581555d8900be4b76bac243d3da0200472 /pkg/sentry
parent	2cb6129a78c570821ab7ecee012ba8862dfa7e96 (diff)
parent	4314bb0b2b96cc3a84e8dead29812ccb1bfcebe2 (diff)