author | Chong Cai <chongc@google.com> | 2021-08-11 20:09:11 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-08-11 20:11:19 -0700 |
commit | 4249ba85068e7a398187af6c87daca2172ed25e5 (patch) | |
tree | 8c5833964f8edf4a350436e699ef5d944a14059a | |
parent | 5456fa6477eee26c553aa84311b3044f1af0d9a1 (diff) |
Do not clear merkle files when creating dentry
The dentry for each file/directory can be created/destroyed multiple
times during sandbox lifetime. We should not clear the Merkle file each
time a dentry is created.
PiperOrigin-RevId: 390277107
-rw-r--r-- | pkg/sentry/fsimpl/verity/filesystem.go | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go
index 930016a3e..63105069f 100644
--- a/pkg/sentry/fsimpl/verity/filesystem.go
+++ b/pkg/sentry/fsimpl/verity/filesystem.go
@@ -595,23 +595,6 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry,
 }
 }
 
- // Clear the Merkle tree file if they are to be generated at runtime.
- // TODO(b/182315468): Optimize the Merkle tree generate process to
- // allow only updating certain files/directories.
- if fs.allowRuntimeEnable {
- childMerkleFD, err := vfsObj.OpenAt(ctx, fs.creds, &vfs.PathOperation{
- Root: childMerkleVD,
- Start: childMerkleVD,
- }, &vfs.OpenOptions{
- Flags: linux.O_RDWR | linux.O_TRUNC,
- Mode: 0644,
- })
- if err != nil {
- return nil, err
- }
- childMerkleFD.DecRef(ctx)
- }
-
 // The dentry needs to be cleaned up if any error occurs. IncRef will be
 // called if a verity child dentry is successfully created.
 defer childMerkleVD.DecRef(ctx) |