From d07915987631f4c3c6345275019a5b5b0cf28dbb Mon Sep 17 00:00:00 2001 From: Andrei Vagin Date: Wed, 23 Dec 2020 11:08:42 -0800 Subject: vfs1: don't allow to open socket files open() has to return ENXIO in this case. O_PATH isn't supported by vfs1. PiperOrigin-RevId: 348820478 --- pkg/sentry/fs/gofer/inode.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'pkg/sentry/fs/gofer/inode.go') diff --git a/pkg/sentry/fs/gofer/inode.go b/pkg/sentry/fs/gofer/inode.go index 9d6fdd08f..e840b6f5e 100644 --- a/pkg/sentry/fs/gofer/inode.go +++ b/pkg/sentry/fs/gofer/inode.go @@ -475,6 +475,9 @@ func (i *inodeOperations) Check(ctx context.Context, inode *fs.Inode, p fs.PermM func (i *inodeOperations) GetFile(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) { switch d.Inode.StableAttr.Type { case fs.Socket: + if i.session().overrides != nil { + return nil, syserror.ENXIO + } return i.getFileSocket(ctx, d, flags) case fs.Pipe: return i.getFilePipe(ctx, d, flags) -- cgit v1.2.3