From 1a4074ab2ec641fd91ceaa20b5a58fd1a0dd9f5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Sat, 16 May 2026 12:07:12 +0200 Subject: [PATCH] agent: handle encrypted ephemeral storage for CCW block devices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit VirtioBlkCcwHandler::create_device was calling common_storage_handler directly, bypassing the handle_block_storage function that checks for the encryption_key=ephemeral driver option. This meant that encrypted emptyDir volumes on s390x would attempt a plain mount of the raw block device instead of setting up dm-crypt via the CDH, resulting in an EINVAL mount error. Route CCW block devices through handle_block_storage, matching the pattern used by VirtioBlkPciHandler. Fixes: failed to mount /dev/vda to .../storage/..., EINVAL Signed-off-by: Fabiano FidĂȘncio --- src/agent/src/storage/block_handler.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/agent/src/storage/block_handler.rs b/src/agent/src/storage/block_handler.rs index d604922062..e4310a33b8 100644 --- a/src/agent/src/storage/block_handler.rs +++ b/src/agent/src/storage/block_handler.rs @@ -163,8 +163,8 @@ impl StorageHandler for VirtioBlkCcwHandler { let ccw_device = ccw::Device::from_str(&storage.source)?; let dev_path = get_virtio_blk_ccw_device_name(ctx.sandbox, &ccw_device).await?; storage.source = dev_path; - let path = common_storage_handler(ctx.logger, &storage)?; - new_device(path) + let dev_num = get_device_number(&storage.source, None)?; + handle_block_storage(ctx.logger, &storage, &dev_num).await } #[cfg(not(target_arch = "s390x"))]