author | Chong Cai <chongc@google.com> | 2020-09-16 16:41:32 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-09-16 16:43:34 -0700 |
commit | 286830855552efb223afa500fbcfa532f33121c5 (patch) | |
tree | 241a06b8d5629e60ec919b9a54ba6dde75d82f06 /pkg/sentry/fsimpl/verity/verity.go | |
parent | 64aae6bbd6ab8c23ee48fd6e7315c27c2cbf2ea4 (diff) |
Implement OpenAt() for verity fs
OpenAt() for verity fs is implemented by opening both the target file or
directory and the corresponding Merkle tree file in the underlying file
system. Generally they are only open for read. In allowRuntimeEnable
mode, the Merkle tree file is also open for write.
PiperOrigin-RevId: 332116423
Diffstat (limited to 'pkg/sentry/fsimpl/verity/verity.go')
-rw-r--r-- | pkg/sentry/fsimpl/verity/verity.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index 96b5bd87f..3e0bcd02b 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -557,7 +557,7 @@ func (fd *fileDescription) enableVerity(ctx context.Context, uio usermem.IO, arg
 defer verityMu.Unlock()
 if fd.lowerFD == nil || fd.merkleReader == nil || fd.merkleWriter == nil || fd.parentMerkleWriter == nil {
- panic("Unexpected verity fd: missing expected underlying fds")
+ return 0, alertIntegrityViolation(syserror.EIO, "Unexpected verity fd: missing expected underlying fds")
 }
 rootHash, dataSize, err := fd.generateMerkle(ctx) |
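Review bot: The nil check on `fd.lowerFD`, `fd.merkleReader`, `fd.merkleWriter` and `fd.parentMerkleWriter` now reports through `alertIntegrityViolation`, but the commit description says the Merkle tree file is opened for write only in allowRuntimeEnable mode, so a nil writer may simply mean the fd was opened read-only rather than that anything was tampered with. If this branch can be reached that way (the start of enableVerity is outside the hunk, so an earlier mode check may already rule it out), a plain error such as `return 0, syserror.EPERM` would keep caller misuse out of the integrity-alert path, which should stay reserved for evidence of tampering. Either way a comment above the check would help, for example `// The Merkle writers are only opened in allowRuntimeEnable mode; a nil fd here is not expected on a correctly opened verity fd.` The message also does not say which of the four fds was missing, which makes the alert harder to triage.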