-rw-r--r-- | host/commands/assemble_cvd/flags.cc | 12 | ||||
-rw-r--r-- | host/libs/vm_manager/crosvm_manager.cpp | 15 |
2 files changed, 13 insertions, 14 deletions
diff --git a/host/commands/assemble_cvd/flags.cc b/host/commands/assemble_cvd/flags.cc
index 20a5c039b..46db93730 100644
--- a/host/commands/assemble_cvd/flags.cc
+++ b/host/commands/assemble_cvd/flags.cc
@@ -110,8 +110,10 @@ DEFINE_bool(start_vnc_server, false, "Whether to start the vnc server process. "
 *
 * --enable-sandbox=no, etc: will disable sandbox
 *
- * no option given: it is enabled only if /var/empty exists
- * if /var/empty exists but seccomp doesn't, assembly_cvd will terminate
+ * no option given: it is enabled if /var/empty exists and an empty directory
+ * or if it does not exist and can be created
+ *
+ * if seccomp dir doesn't exist, assembly_cvd will terminate
 *
 * See SetDefaultFlagsForCrosvm()
 *
@@ -480,8 +482,10 @@ void SetDefaultFlagsForCrosvm() {
 if (cvd::DirectoryExists(var_empty)) {
 return cvd::IsDirectoryEmpty(var_empty);
 }
- // if file does not exist, we will create one later
- return cvd::FileExists(var_empty);
+ if (cvd::FileExists(var_empty)) {
+ return false;
+ }
+ return (::mkdir(var_empty.c_str(), 0755) == 0);
 }(vsoc::kCrosvmVarEmptyDir);
 }
 SetCommandLineOptionWithMode("enable_sandbox",
diff --git a/host/libs/vm_manager/crosvm_manager.cpp b/host/libs/vm_manager/crosvm_manager.cpp
index 49f304304..3d9d8f6cf 100644
--- a/host/libs/vm_manager/crosvm_manager.cpp
+++ b/host/libs/vm_manager/crosvm_manager.cpp
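Review bot: In the second flags.cc hunk, inside `SetDefaultFlagsForCrosvm()`, a failed `::mkdir(var_empty.c_str(), 0755)` and the new `FileExists` branch both return false without logging, so the sandbox default is switched off silently when the directory cannot be created or a non-directory sits at that path. Because this value decides whether crosvm runs sandboxed by default, I would log the reason on both paths, for example `LOG(WARNING) << "cannot create " << var_empty << ": " << strerror(errno) << "; sandbox disabled by default";` (assuming the logging macro is available in this file). The exists-then-create sequence is also not atomic: if mkdir fails with `EEXIST`, re-checking with `cvd::IsDirectoryEmpty(var_empty)` would cover another process creating the directory in between. The comment block in the first hunk should mention that a non-empty directory or a non-directory file at the path disables the default. The lambda and the function start and end outside the hunk.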
@@ -163,18 +163,13 @@ std::vector<cvd::Command> CrosvmManager::StartCommands() { crosvm_cmd.AddParameter("--rw-pmem-device=", instance.access_kregistry_path()); if (config_->enable_sandbox()) { - bool var_empty_exists = true; const bool seccomp_exists = cvd::DirectoryExists(config_->seccomp_policy_dir()); const std::string& var_empty_dir = vsoc::kCrosvmVarEmptyDir; - if (!cvd::DirectoryExists(var_empty_dir)) { - // mkdir returns 0 on success - var_empty_exists = (::mkdir(var_empty_dir.c_str(), 0755) == 0); - } - - if (!var_empty_exists || !seccomp_exists) { - LOG(FATAL) << "Either " << var_empty_dir << " does not exist or " - << "Seccomp-policy-dir, " << config_->seccomp_policy_dir() - << " does not exist." << std::endl; + const bool var_empty_available = cvd::DirectoryExists(var_empty_dir); + if (!var_empty_available || !seccomp_exists) { + LOG(FATAL) << var_empty_dir << " is not an existing, empty directory." + << "seccomp-policy-dir, " << config_->seccomp_policy_dir() + << " does not exist " << std::endl; return {}; } crosvm_cmd.AddParameter("--seccomp-policy-dir=", config_->seccomp_policy_dir()); |
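Review bot: `var_empty_available` in `CrosvmManager::StartCommands()` is computed from `cvd::DirectoryExists(var_empty_dir)` only, although the new fatal message states that the path "is not an existing, empty directory". Emptiness is checked only when assemble_cvd computes the default, so a directory that was populated afterwards, or a run where the sandbox was enabled explicitly (which presumably bypasses that default), passes this check. If the sandbox relies on the directory being empty, re-check it here: `const bool var_empty_available = cvd::DirectoryExists(var_empty_dir) && cvd::IsDirectoryEmpty(var_empty_dir);`. The message also reports both conditions whichever one failed, and the two string literals join without a space (`directory.seccomp-policy-dir,`); a separate `LOG(FATAL)` per condition would tell the operator which one to fix. The function body starts and ends outside the hunk.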