diff options
author | Chong Cai <chongc@google.com> | 2021-07-13 15:42:00 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-07-13 15:44:54 -0700 |
commit | d4dce953b7ac4705f5b52ac24c031170d701031b (patch) | |
tree | 486645acba552cf94fd1f7e8b083d4ad2e519064 /runsc/cmd/cmd.go | |
parent | c16e69a9d5ec3422b648a6d32842442925285a29 (diff) |
Do not require O_PATH flag to enable verity
Remove the hack in gVisor vfs that allows verity to bypass the O_PATH
check, since ioctl is not allowed on fds opened with O_PATH in linux.
Verity still opens the lowerFD with O_PATH to open it as a symlink, but
the API no longer expects O_PATH to open a fd to be verity enabled.
Now only O_FOLLOW should be specified when opening and enabling verity
features.
PiperOrigin-RevId: 384567833
Diffstat (limited to 'runsc/cmd/cmd.go')
0 files changed, 0 insertions, 0 deletions