-rw-r--r--host/commands/assemble_cvd/flags.cc12
-rw-r--r--host/libs/vm_manager/crosvm_manager.cpp15
2 files changed, 13 insertions, 14 deletions
diff --git a/host/commands/assemble_cvd/flags.cc b/host/commands/assemble_cvd/flags.cc
index 20a5c039b..46db93730 100644
--- a/host/commands/assemble_cvd/flags.cc
+++ b/host/commands/assemble_cvd/flags.cc
@@ -110,8 +110,10 @@ DEFINE_bool(start_vnc_server, false, "Whether to start the vnc server process. "
*
* --enable-sandbox=no, etc: will disable sandbox
*
- * no option given: it is enabled only if /var/empty exists
- * if /var/empty exists but seccomp doesn't, assembly_cvd will terminate
+ * no option given: it is enabled if /var/empty exists and an empty directory
+ * or if it does not exist and can be created
+ *
+ * if seccomp dir doesn't exist, assembly_cvd will terminate
*
* See SetDefaultFlagsForCrosvm()
*
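Review bot: The rewritten comment names the tool `assembly_cvd`, while the file sits under host/commands/assemble_cvd, and "exists and an empty directory" is missing its verb. Suggested wording: `no option given: enabled if /var/empty exists and is an empty directory, or if it does not exist and can be created` and `if the seccomp policy dir doesn't exist, assemble_cvd will terminate`. Since this comment is where the default is documented, it should also say what happens when creation fails; from the lambda in SetDefaultFlagsForCrosvm() that appears to be "sandbox off by default".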
@@ -480,8 +482,10 @@ void SetDefaultFlagsForCrosvm() {
if (cvd::DirectoryExists(var_empty)) {
return cvd::IsDirectoryEmpty(var_empty);
}
- // if file does not exist, we will create one later
- return cvd::FileExists(var_empty);
+ if (cvd::FileExists(var_empty)) {
+ return false;
+ }
+ return (::mkdir(var_empty.c_str(), 0755) == 0);
}(vsoc::kCrosvmVarEmptyDir);
}
SetCommandLineOptionWithMode("enable_sandbox",
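Review bot: A failed `::mkdir` on the lambda's last added line is reported only as `false`, so errno is dropped and the sandbox default is presumably switched off without any message; a permissions problem on the parent directory then quietly yields an unsandboxed crosvm. Log before returning, for example `PLOG(WARNING) << "cannot create " << var_empty << ", sandbox will default to off";`. The branch that accepts an existing empty directory checks neither owner nor mode, and 0755 is subject to the process umask, so if this path serves as the sandbox root it is worth confirming that other local users cannot write into it. The lambda and SetDefaultFlagsForCrosvm both start outside this hunk, and the emptiness test done here is not repeated in the crosvm_manager.cpp hunk, which checks only `cvd::DirectoryExists(var_empty_dir)` even though its new log message says "empty".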
diff --git a/host/libs/vm_manager/crosvm_manager.cpp b/host/libs/vm_manager/crosvm_manager.cpp
index 49f304304..3d9d8f6cf 100644
--- a/host/libs/vm_manager/crosvm_manager.cpp
+++ b/host/libs/vm_manager/crosvm_manager.cpp
@@ -163,18 +163,13 @@ std::vector<cvd::Command> CrosvmManager::StartCommands() {
crosvm_cmd.AddParameter("--rw-pmem-device=", instance.access_kregistry_path());
if (config_->enable_sandbox()) {
- bool var_empty_exists = true;
const bool seccomp_exists = cvd::DirectoryExists(config_->seccomp_policy_dir());
const std::string& var_empty_dir = vsoc::kCrosvmVarEmptyDir;
- if (!cvd::DirectoryExists(var_empty_dir)) {
- // mkdir returns 0 on success
- var_empty_exists = (::mkdir(var_empty_dir.c_str(), 0755) == 0);
- }
-
- if (!var_empty_exists || !seccomp_exists) {
- LOG(FATAL) << "Either " << var_empty_dir << " does not exist or "
- << "Seccomp-policy-dir, " << config_->seccomp_policy_dir()
- << " does not exist." << std::endl;
+ const bool var_empty_available = cvd::DirectoryExists(var_empty_dir);
+ if (!var_empty_available || !seccomp_exists) {
+ LOG(FATAL) << var_empty_dir << " is not an existing, empty directory."
+ << "seccomp-policy-dir, " << config_->seccomp_policy_dir()
+ << " does not exist " << std::endl;
return {};
}
crosvm_cmd.AddParameter("--seccomp-policy-dir=", config_->seccomp_policy_dir());