From 65fdb18c96687e04a7790009c19a28ad19d3e110 Mon Sep 17 00:00:00 2001
From: Hyounggyu Choi
Date: Thu, 28 Aug 2025 15:13:57 +0200
Subject: [PATCH] runtime-rs: Adjust path for sealed secret mount check
Mount validation for sealed secret requires the base path to start with `/run/kata-containers/shared/containers`. Previously, it used `/run/kata-containers/sandbox/passthrough`, which caused test failures where volume mounts are used. This commit renames the path to satisfy the validation check.
Signed-off-by: Hyounggyu Choi
---
 .../crates/resource/src/share_fs/mod.rs | 2 +-
 .../resource/src/volume/share_fs_volume.rs | 17 +++--------------
 2 files changed, 4 insertions(+), 15 deletions(-)
diff --git a/src/runtime-rs/crates/resource/src/share_fs/mod.rs b/src/runtime-rs/crates/resource/src/share_fs/mod.rs
index 57efec756f..faf6a20ccf 100644
--- a/src/runtime-rs/crates/resource/src/share_fs/mod.rs
+++ b/src/runtime-rs/crates/resource/src/share_fs/mod.rs
@@ -38,7 +38,7 @@ const INLINE_VIRTIO_FS: &str = "inline-virtio-fs";
 const KATA_HOST_SHARED_DIR: &str = "/run/kata-containers/shared/sandboxes/";
 /// share fs (for example virtio-fs) mount path in the guest
-const KATA_GUEST_SHARE_DIR: &str = "/run/kata-containers/shared/containers/";
+pub const KATA_GUEST_SHARE_DIR: &str = "/run/kata-containers/shared/containers/";
 pub(crate) const DEFAULT_KATA_GUEST_SANDBOX_DIR: &str = "/run/kata-containers/sandbox/";
diff --git a/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs b/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs
index 0a570a3c74..9cc42ebd17 100644
--- a/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs
+++ b/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs
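Review bot: `KATA_GUEST_SHARE_DIR` is widened to a fully public `pub const` in share_fs/mod.rs, while the neighbouring `DEFAULT_KATA_GUEST_SANDBOX_DIR` in the same hunk is `pub(crate)`. The only new use visible in this patch is `use crate::share_fs::KATA_GUEST_SHARE_DIR;`, which is inside the same crate, so `pub(crate) const KATA_GUEST_SHARE_DIR: &str = "/run/kata-containers/shared/containers/";` would be enough and keeps the guest path out of the crate's public API. If another crate is meant to import the constant, that use is not part of this patch and is worth stating in the commit message.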
@@ -31,8 +31,7 @@ use tokio::{
 use walkdir::WalkDir;
 use super::Volume;
-use crate::share_fs::DEFAULT_KATA_GUEST_SANDBOX_DIR;
-use crate::share_fs::PASSTHROUGH_FS_DIR;
+use crate::share_fs::KATA_GUEST_SHARE_DIR;
 use crate::share_fs::{MountedInfo, ShareFs, ShareFsVolumeConfig};
 use kata_types::{
 k8s::{is_configmap, is_downward_api, is_projected, is_secret},
@@ -286,12 +285,7 @@ impl ShareFsVolume {
 // If the mount source is a file, we can copy it to the sandbox
 if src.is_file() {
 // This is where we set the value for the guest path
- let dest = [
- DEFAULT_KATA_GUEST_SANDBOX_DIR,
- PASSTHROUGH_FS_DIR,
- file_name.clone().as_str(),
- ]
- .join("/");
+ let dest = [KATA_GUEST_SHARE_DIR, file_name.clone().as_str()].join("/");
 debug!(
 sl!(),
@@ -347,12 +341,7 @@ impl ShareFsVolume {
 info!(sl!(), "copying directory {:?} to guest", &source_path);
 // create target path in guest
- let dest_dir = [
- DEFAULT_KATA_GUEST_SANDBOX_DIR,
- PASSTHROUGH_FS_DIR,
- file_name.clone().as_str(),
- ]
- .join("/");
+ let dest_dir = [KATA_GUEST_SHARE_DIR, file_name.clone().as_str()].join("/");
 // create directory
 let dir_metadata = std::fs::metadata(src.clone())
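Review bot: The new `dest` in the `src.is_file()` branch (hunk -286,12) contains a doubled separator, because `KATA_GUEST_SHARE_DIR` already ends in `/` (see its definition in share_fs/mod.rs) and the array is joined with `"/"`, so the result is `/run/kata-containers/shared/containers//` followed by the file name. A check that only tests the prefix named in the commit message will accept that, but an exact or normalised path comparison on the guest side may not, so I would write `let dest = format!("{}{}", KATA_GUEST_SHARE_DIR, file_name);`, which also drops the needless `file_name.clone()`. The same applies to `dest_dir` in the directory-copy hunk at -347,12. Both statements sit in `impl ShareFsVolume` code whose enclosing function starts and ends outside the hunks.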
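Review bot: `dest_dir` in hunk -347,12 now places the copied directory directly under the root of `KATA_GUEST_SHARE_DIR`, keyed only by `file_name`, where the old code used a dedicated passthrough subdirectory. How `file_name` is derived is outside this hunk, so it should be confirmed to be a single path component (no `/` or `..`) and unique per volume; that guest directory is presumably shared with other entries, and a clashing or traversing name would land outside the intended location. Once confirmed, a comment above the statement such as `// file_name is a single path component, unique within the sandbox` would make the assumption reviewable. The same consideration applies to `dest` in the -286,12 hunk.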