summaryrefslogtreecommitdiffhomepage
path: root/runsc
diff options
context:
space:
mode:
authorChong Cai <chongc@google.com>2021-08-12 14:59:27 -0700
committergVisor bot <gvisor-bot@google.com>2021-08-12 15:02:32 -0700
commit5f132ae1f889829e57ef6b2117342247b0f75b3a (patch)
treec5a7355a6187290a795b41d4a3f846ca56d2a751 /runsc
parent345eb4a666eb64c31fc050209abac974520236a3 (diff)
Clear Merkle files before measuring verity fs
PiperOrigin-RevId: 390467957
Diffstat (limited to 'runsc')
-rw-r--r--runsc/cmd/verity_prepare.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/runsc/cmd/verity_prepare.go b/runsc/cmd/verity_prepare.go
index 85d762a51..44c1d05db 100644
--- a/runsc/cmd/verity_prepare.go
+++ b/runsc/cmd/verity_prepare.go
@@ -82,7 +82,7 @@ func (c *VerityPrepare) Execute(_ context.Context, f *flag.FlagSet, args ...inte
},
Process: &specs.Process{
Cwd: absRoot,
- Args: []string{c.tool, "--path", "/verityroot"},
+ Args: []string{c.tool, "--path", "/verityroot", "--rawpath", "/rawroot"},
Env: os.Environ(),
Capabilities: specutils.AllCapabilities(),
},
@@ -94,6 +94,11 @@ func (c *VerityPrepare) Execute(_ context.Context, f *flag.FlagSet, args ...inte
Type: "bind",
Options: []string{"verity.roothash="},
},
+ {
+ Source: c.dir,
+ Destination: "/rawroot",
+ Type: "bind",
+ },
},
}