github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-06 20:09:44 +00:00
Code Issues Projects Releases Wiki Activity

agent:rpc: handle the sealed secret in createcontainer

Browse Source 
Users must set the mount path to `/sealed/<path>` for kata agent to detect the sealed secret mount
and handle it in createcontainer stage.

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
Signed-off-by: Linda Yu <linda.yu@intel.com>
This commit is contained in:
ChengyuZhu6 2024-09-29 16:01:12 +08:00
parent da281b4444
commit 1f33fd4cd4
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/agent/src/rpc.rs
View File

@ -241,6 +241,28 @@ impl AgentService {
} }
} }
let mounts = oci
.mounts_mut()
.as_mut()
.ok_or_else(|| anyhow!("Spec didn't contain mounts field"))?;
if cdh::is_cdh_client_initialized().await {
for m in mounts.iter_mut() {
if m.destination().starts_with("/sealed") {
info!(
sl(),
"sealed mount destination: {:?} source: {:?}",
m.destination(),
m.source()
);
if let Some(source_str) = m.source().as_ref().and_then(|p| p.to_str()) {
cdh::unseal_file(source_str).await?;
} else {
warn!(sl(), "Failed to unseal: Mount source is None or invalid");
}
}
}
}
let linux = oci let linux = oci
.linux() .linux()
.as_ref() .as_ref()