summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pkg/abi/linux/file.go1
-rw-r--r--pkg/sentry/syscalls/linux/sys_file.go7
2 files changed, 7 insertions, 1 deletions
diff --git a/pkg/abi/linux/file.go b/pkg/abi/linux/file.go
index 509f6b5b3..9bf229a57 100644
--- a/pkg/abi/linux/file.go
+++ b/pkg/abi/linux/file.go
@@ -37,6 +37,7 @@ const (
O_DIRECT = 00040000
O_LARGEFILE = 00100000
O_DIRECTORY = 00200000
+ O_NOFOLLOW = 00400000
O_CLOEXEC = 02000000
O_SYNC = 04010000
O_PATH = 010000000
diff --git a/pkg/sentry/syscalls/linux/sys_file.go b/pkg/sentry/syscalls/linux/sys_file.go
index 2cf429f5c..3e28d4b8a 100644
--- a/pkg/sentry/syscalls/linux/sys_file.go
+++ b/pkg/sentry/syscalls/linux/sys_file.go
@@ -136,7 +136,8 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u
return 0, err
}
- err = fileOpOn(t, dirFD, path, true /* resolve */, func(root *fs.Dirent, d *fs.Dirent) error {
+ resolve := flags&linux.O_NOFOLLOW == 0
+ err = fileOpOn(t, dirFD, path, resolve, func(root *fs.Dirent, d *fs.Dirent) error {
// First check a few things about the filesystem before trying to get the file
// reference.
//
@@ -147,6 +148,10 @@ func openAt(t *kernel.Task, dirFD kdefs.FD, addr usermem.Addr, flags uint) (fd u
return err
}
+ if fs.IsSymlink(d.Inode.StableAttr) && !resolve {
+ return syserror.ELOOP
+ }
+
fileFlags := linuxToFlags(flags)
// Linux always adds the O_LARGEFILE flag when running in 64-bit mode.
fileFlags.LargeFile = true
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-19 04:22:29 +0000