From f2eba940159b4ed55359f99a3422ad899a8647ee Mon Sep 17 00:00:00 2001
From: Fabricio Voznika <fvoznika@google.com>
Date: Wed, 25 Mar 2020 15:23:48 -0700
Subject: Remove TODO to push down exec permission check

Pushing it down requires all implementation to check for
exec individualy which is not maintanable. Making it part
of GenericCheckPermissions add extra cost to everyone that
calls it. So it's better to keep is in
VirtualFilesystem.OpenAt.

Updates #1193

PiperOrigin-RevId: 302982993
---
 pkg/sentry/vfs/vfs.go | 2 --
 1 file changed, 2 deletions(-)

(limited to 'pkg/sentry')

diff --git a/pkg/sentry/vfs/vfs.go b/pkg/sentry/vfs/vfs.go
index 2e2880171..03d1fb943 100644
--- a/pkg/sentry/vfs/vfs.go
+++ b/pkg/sentry/vfs/vfs.go
@@ -402,8 +402,6 @@ func (vfs *VirtualFilesystem) OpenAt(ctx context.Context, creds *auth.Credential
 		if err == nil {
 			vfs.putResolvingPath(rp)
 
-			// TODO(gvisor.dev/issue/1193): Move inside fsimpl to avoid another call
-			// to FileDescription.Stat().
 			if opts.FileExec {
 				if fd.Mount().flags.NoExec {
 					fd.DecRef()
-- 
cgit v1.2.3