From 286830855552efb223afa500fbcfa532f33121c5 Mon Sep 17 00:00:00 2001
From: Chong Cai <chongc@google.com>
Date: Wed, 16 Sep 2020 16:41:32 -0700
Subject: Implement OpenAt() for verity fs

OpenAt() for verity fs is implemented by opening both the target file or
directory and the corresponding Merkle tree file in the underlying file
system. Generally they are only open for read. In allowRuntimeEnable
mode, the Merkle tree file is also open for write.

PiperOrigin-RevId: 332116423
---
 pkg/sentry/fsimpl/verity/verity.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'pkg/sentry/fsimpl/verity/verity.go')

diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index 96b5bd87f..3e0bcd02b 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -557,7 +557,7 @@ func (fd *fileDescription) enableVerity(ctx context.Context, uio usermem.IO, arg
 	defer verityMu.Unlock()
 
 	if fd.lowerFD == nil || fd.merkleReader == nil || fd.merkleWriter == nil || fd.parentMerkleWriter == nil {
-		panic("Unexpected verity fd: missing expected underlying fds")
+		return 0, alertIntegrityViolation(syserror.EIO, "Unexpected verity fd: missing expected underlying fds")
 	}
 
 	rootHash, dataSize, err := fd.generateMerkle(ctx)
-- 
cgit v1.2.3