From 994062ec9ca70110c39d9c004cad62e23d4c7a41 Mon Sep 17 00:00:00 2001
From: Chong Cai <chongc@google.com>
Date: Wed, 23 Sep 2020 17:10:43 -0700
Subject: Set verity underlying fs mount as internal

PiperOrigin-RevId: 333404727
---
 pkg/sentry/fsimpl/verity/verity.go | 1 +
 1 file changed, 1 insertion(+)

(limited to 'pkg/sentry/fsimpl')

diff --git a/pkg/sentry/fsimpl/verity/verity.go b/pkg/sentry/fsimpl/verity/verity.go
index 9182df317..996c04b37 100644
--- a/pkg/sentry/fsimpl/verity/verity.go
+++ b/pkg/sentry/fsimpl/verity/verity.go
@@ -159,6 +159,7 @@ func (fstype FilesystemType) GetFilesystem(ctx context.Context, vfsObj *vfs.Virt
 	// verity, and should not be exposed or connected.
 	mopts := &vfs.MountOptions{
 		GetFilesystemOptions: iopts.LowerGetFSOptions,
+		InternalMount:        true,
 	}
 	mnt, err := vfsObj.MountDisconnected(ctx, creds, "", iopts.LowerName, mopts)
 	if err != nil {
-- 
cgit v1.2.3