From 4249ba85068e7a398187af6c87daca2172ed25e5 Mon Sep 17 00:00:00 2001
From: Chong Cai <chongc@google.com>
Date: Wed, 11 Aug 2021 20:09:11 -0700
Subject: Do not clear merkle files when creating dentry

The dentry for each file/directory can be created/destroyed multiple
times during sandbox lifetime. We should not clear the Merkle file each
time a dentry is created.

PiperOrigin-RevId: 390277107
---
 pkg/sentry/fsimpl/verity/filesystem.go | 17 -----------------
 1 file changed, 17 deletions(-)

(limited to 'pkg/sentry')

diff --git a/pkg/sentry/fsimpl/verity/filesystem.go b/pkg/sentry/fsimpl/verity/filesystem.go
index 930016a3e..63105069f 100644
--- a/pkg/sentry/fsimpl/verity/filesystem.go
+++ b/pkg/sentry/fsimpl/verity/filesystem.go
@@ -595,23 +595,6 @@ func (fs *filesystem) lookupAndVerifyLocked(ctx context.Context, parent *dentry,
 		}
 	}
 
-	// Clear the Merkle tree file if they are to be generated at runtime.
-	// TODO(b/182315468): Optimize the Merkle tree generate process to
-	// allow only updating certain files/directories.
-	if fs.allowRuntimeEnable {
-		childMerkleFD, err := vfsObj.OpenAt(ctx, fs.creds, &vfs.PathOperation{
-			Root:  childMerkleVD,
-			Start: childMerkleVD,
-		}, &vfs.OpenOptions{
-			Flags: linux.O_RDWR | linux.O_TRUNC,
-			Mode:  0644,
-		})
-		if err != nil {
-			return nil, err
-		}
-		childMerkleFD.DecRef(ctx)
-	}
-
 	// The dentry needs to be cleaned up if any error occurs. IncRef will be
 	// called if a verity child dentry is successfully created.
 	defer childMerkleVD.DecRef(ctx)
-- 
cgit v1.2.3