From 47b496054e05c2dd33c0ecf1386a36b3edf7c6ef Mon Sep 17 00:00:00 2001
From: Jamie Liu
Date: Mon, 31 Aug 2020 13:55:18 -0700
Subject: Don't use read-only host FD for writable gofer dentries in VFS2.

As documented for gofer.dentry.hostFD.

PiperOrigin-RevId: 329372319
---
 pkg/sentry/fsimpl/gofer/gofer.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pkg/sentry/fsimpl/gofer/gofer.go b/pkg/sentry/fsimpl/gofer/gofer.go
index 81d34cfe3..57bff1789 100644
--- a/pkg/sentry/fsimpl/gofer/gofer.go
+++ b/pkg/sentry/fsimpl/gofer/gofer.go
@@ -1472,8 +1472,9 @@ func (d *dentry) ensureSharedHandle(ctx context.Context, read, write, trunc bool
 return err
 }
 
- if d.hostFD < 0 && openReadable && h.fd >= 0 {
- // We have no existing FD; use the new FD for at least reading.
+ if d.hostFD < 0 && h.fd >= 0 && openReadable && (d.writeFile.isNil() || openWritable) {
+ // We have no existing FD, and the new FD meets the requirements
+ // for d.hostFD, so start using it.
 d.hostFD = h.fd
 } else if d.hostFD >= 0 && d.writeFile.isNil() && openWritable {
 // We have an existing read-only FD, but the file has just been
-- 
cgit v1.2.3
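Review bot: The new comment on the first branch says the FD "meets the requirements for d.hostFD" without stating them, so a reader must decode the four-term condition to learn the invariant being enforced. I would spell it out at the check, e.g. `// d.hostFD must be readable, and writable too whenever d.writeFile is non-nil.` The condition now rejects a valid read-only `h.fd` when `d.writeFile` is already set, and in that case neither this branch nor the `else if` (which requires `d.hostFD >= 0`) takes ownership of it. The body of ensureSharedHandle continues outside the hunk, so please confirm the rejected descriptor is closed there rather than leaked. A regression test that opens the dentry write-only and then read-only would pin the fixed ordering; the diffstat shows only gofer.go changed.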