mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-16 23:17:42 +00:00
image_rpc: Make init_attestation_agent
fail gracefully
Without this, a failure in `init_attestation_agent` would lead to a panic. Fixes #5406 Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>
parent
7dd8b78d44
commit
c7e4548fc2
@ -177,7 +177,7 @@ impl ImageService {
|
|||||||
|
|
||||||
// If we fail to start the AA, Skopeo/ocicrypt won't be able to unwrap keys
|
// If we fail to start the AA, Skopeo/ocicrypt won't be able to unwrap keys
|
||||||
// and container decryption will fail.
|
// and container decryption will fail.
|
||||||
fn init_attestation_agent() {
|
fn init_attestation_agent() -> Result<()> {
|
||||||
let config_path = OCICRYPT_CONFIG_PATH;
|
let config_path = OCICRYPT_CONFIG_PATH;
|
||||||
|
|
||||||
// The image will need to be encrypted using a keyprovider
|
// The image will need to be encrypted using a keyprovider
|
||||||
@ -190,10 +190,8 @@ impl ImageService {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
let mut config_file = fs::File::create(config_path).unwrap();
|
let mut config_file = fs::File::create(config_path)?;
|
||||||
config_file
|
config_file.write_all(ocicrypt_config.to_string().as_bytes())?;
|
||||||
.write_all(ocicrypt_config.to_string().as_bytes())
|
|
||||||
.unwrap();
|
|
||||||
|
|
||||||
// The Attestation Agent will run for the duration of the guest.
|
// The Attestation Agent will run for the duration of the guest.
|
||||||
Command::new(AA_PATH)
|
Command::new(AA_PATH)
|
||||||
@ -201,8 +199,8 @@ impl ImageService {
|
|||||||
.arg(AA_KEYPROVIDER_PORT)
|
.arg(AA_KEYPROVIDER_PORT)
|
||||||
.arg("--getresource_sock")
|
.arg("--getresource_sock")
|
||||||
.arg(AA_GETRESOURCE_PORT)
|
.arg(AA_GETRESOURCE_PORT)
|
||||||
.spawn()
|
.spawn()?;
|
||||||
.unwrap();
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn pull_image(&self, req: &image::PullImageRequest) -> Result<String> {
|
async fn pull_image(&self, req: &image::PullImageRequest) -> Result<String> {
|
||||||
@ -252,7 +250,7 @@ impl ImageService {
|
|||||||
Ordering::SeqCst,
|
Ordering::SeqCst,
|
||||||
Ordering::SeqCst,
|
Ordering::SeqCst,
|
||||||
) {
|
) {
|
||||||
Ok(_) => Self::init_attestation_agent(),
|
Ok(_) => Self::init_attestation_agent()?,
|
||||||
Err(_) => info!(sl!(), "Attestation Agent already running"),
|
Err(_) => info!(sl!(), "Attestation Agent already running"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
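Review bot: In the last hunk, `Ok(_) => Self::init_attestation_agent()?,` now returns early on failure, but the guard around it appears to stay set. The compare-exchange call starts above the hunk, so this is inferred from the two `Ordering::SeqCst` arguments and the "Attestation Agent already running" arm: the flag has presumably been flipped to "started" before the agent is launched. If so, every later `pull_image` takes the `Err(_)` arm, logs that the agent is running and never retries, so encrypted-image pulls keep failing with a misleading log line. Consider storing `false` back into that flag in the error path before propagating, or setting it only after `.spawn()?` has succeeded. If `Result` here is anyhow's, attaching context at the `fs::File::create(config_path)?` and `.spawn()?` sites (which path, which binary) would also make the returned error diagnosable.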