github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-16 22:39:01 +00:00
Code Issues Projects Releases Wiki Activity

initramfs: Enforce --panic-on-corruption for veritysetup

Browse Source 
Let's enforce an error on veritysetup in case there's any tampering with
the rootfs.

Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
This commit is contained in:
Fabiano Fidêncio
2025-08-22 20:42:07 +02:00
committed by Fabiano Fidêncio
parent bdd98ec623
commit 8f948e28dd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tools/packaging/static-build/initramfs/init.sh
View File

@@ -48,7 +48,7 @@ then
exit 1 exit 1
fi fi
veritysetup open "${root_device}" root "${hash_device}" "${rootfs_hash}" veritysetup open --panic-on-corruption "${root_device}" root "${hash_device}" "${rootfs_hash}"
mount /dev/mapper/root /mnt mount /dev/mapper/root /mnt
else else
echo "No LUKS device found" echo "No LUKS device found"