mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 22:50:54 +00:00
agent: handle encrypted ephemeral storage for CCW block devices
VirtioBlkCcwHandler::create_device was calling common_storage_handler directly, bypassing the handle_block_storage function that checks for the encryption_key=ephemeral driver option. This meant that encrypted emptyDir volumes on s390x would attempt a plain mount of the raw block device instead of setting up dm-crypt via the CDH, resulting in an EINVAL mount error. Route CCW block devices through handle_block_storage, matching the pattern used by VirtioBlkPciHandler. Fixes: failed to mount /dev/vda to .../storage/..., EINVAL Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
This commit is contained in:
@@ -163,8 +163,8 @@ impl StorageHandler for VirtioBlkCcwHandler {
|
||||
let ccw_device = ccw::Device::from_str(&storage.source)?;
|
||||
let dev_path = get_virtio_blk_ccw_device_name(ctx.sandbox, &ccw_device).await?;
|
||||
storage.source = dev_path;
|
||||
let path = common_storage_handler(ctx.logger, &storage)?;
|
||||
new_device(path)
|
||||
let dev_num = get_device_number(&storage.source, None)?;
|
||||
handle_block_storage(ctx.logger, &storage, &dev_num).await
|
||||
}
|
||||
|
||||
#[cfg(not(target_arch = "s390x"))]
|
||||
|
||||
Reference in New Issue
Block a user