diff options
| author | Chong Cai <chongc@google.com> | 2021-08-12 14:59:27 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-08-12 15:02:32 -0700 |
| commit | 5f132ae1f889829e57ef6b2117342247b0f75b3a (patch) | |
| tree | c5a7355a6187290a795b41d4a3f846ca56d2a751 /runsc/cmd | |
| parent | 345eb4a666eb64c31fc050209abac974520236a3 (diff) | |
Clear Merkle files before measuring verity fs
PiperOrigin-RevId: 390467957
Diffstat (limited to 'runsc/cmd')
| -rw-r--r-- | runsc/cmd/verity_prepare.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/runsc/cmd/verity_prepare.go b/runsc/cmd/verity_prepare.go index 85d762a51..44c1d05db 100644 --- a/runsc/cmd/verity_prepare.go +++ b/runsc/cmd/verity_prepare.go @@ -82,7 +82,7 @@ func (c *VerityPrepare) Execute(_ context.Context, f *flag.FlagSet, args ...inte }, Process: &specs.Process{ Cwd: absRoot, - Args: []string{c.tool, "--path", "/verityroot"}, + Args: []string{c.tool, "--path", "/verityroot", "--rawpath", "/rawroot"}, Env: os.Environ(), Capabilities: specutils.AllCapabilities(), }, @@ -94,6 +94,11 @@ func (c *VerityPrepare) Execute(_ context.Context, f *flag.FlagSet, args ...inte Type: "bind", Options: []string{"verity.roothash="}, }, + { + Source: c.dir, + Destination: "/rawroot", + Type: "bind", + }, }, } |