diff options
author | Chong Cai <chongc@google.com> | 2021-04-08 18:31:11 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-04-08 18:33:20 -0700 |
commit | edf30a9bc5a645a7e03fca81f3e5852214588021 (patch) | |
tree | f1adec56d67894993f0912468850e962f1158c28 /pkg | |
parent | 496a3654e7af2ee905c1183c622687c6af29069b (diff) |
Set root dentry and hash for verity before verify
Set root dentry and root hash in verity fs before we verify the root
directory if a root hash is provided. These are used during
verification.
PiperOrigin-RevId: 367547346
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/sentry/fsimpl/verity/verity.go | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go index 6d6e0e77a..06f2c211c 100644 --- a/pkg/sentry/fsimpl/verity/verity.go +++ b/pkg/sentry/fsimpl/verity/verity.go @@ -428,9 +428,15 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt d.mode = uint32(stat.Mode) d.uid = stat.UID d.gid = stat.GID - d.hash = make([]byte, len(rootHash)) d.childrenNames = make(map[string]struct{}) + d.hashMu.Lock() + d.hash = make([]byte, len(rootHash)) + copy(d.hash, rootHash) + d.hashMu.Unlock() + + fs.rootDentry = d + if !d.isDir() { ctx.Warningf("verity root must be a directory") return nil, nil, syserror.EINVAL @@ -502,13 +508,8 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt } } - d.hashMu.Lock() - copy(d.hash, rootHash) - d.hashMu.Unlock() d.vfsd.Init(d) - fs.rootDentry = d - return &fs.vfsfs, &d.vfsd, nil } |