From 5f132ae1f889829e57ef6b2117342247b0f75b3a Mon Sep 17 00:00:00 2001
From: Chong Cai <chongc@google.com>
Date: Thu, 12 Aug 2021 14:59:27 -0700
Subject: Clear Merkle files before measuring verity fs

PiperOrigin-RevId: 390467957
---
 runsc/cmd/verity_prepare.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'runsc/cmd')

diff --git a/runsc/cmd/verity_prepare.go b/runsc/cmd/verity_prepare.go
index 85d762a51..44c1d05db 100644
--- a/runsc/cmd/verity_prepare.go
+++ b/runsc/cmd/verity_prepare.go
@@ -82,7 +82,7 @@ func (c *VerityPrepare) Execute(_ context.Context, f *flag.FlagSet, args ...inte
 		},
 		Process: &specs.Process{
 			Cwd:          absRoot,
-			Args:         []string{c.tool, "--path", "/verityroot"},
+			Args:         []string{c.tool, "--path", "/verityroot", "--rawpath", "/rawroot"},
 			Env:          os.Environ(),
 			Capabilities: specutils.AllCapabilities(),
 		},
@@ -94,6 +94,11 @@ func (c *VerityPrepare) Execute(_ context.Context, f *flag.FlagSet, args ...inte
 				Type:        "bind",
 				Options:     []string{"verity.roothash="},
 			},
+			{
+				Source:      c.dir,
+				Destination: "/rawroot",
+				Type:        "bind",
+			},
 		},
 	}
 
-- 
cgit v1.2.3