From d9c9040474806aa341f93391d6cdfee7c8802daf Mon Sep 17 00:00:00 2001
From: Yohei Ueda <yohei@jp.ibm.com>
Date: Thu, 12 Oct 2023 15:07:10 +0900
Subject: [PATCH] runtime: fix k8s secret issue with remote hyp

kata-shim CCv0 does not propagate dynamically
updated k8s secret values due to incorrect
file name matching. This patch fixes the the wrong file
name matching for k8s secret volume paths.

Note that this problem has already fixed in the main
branch.

Fixes: #8208
Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
---
 src/runtime/virtcontainers/fs_share_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/runtime/virtcontainers/fs_share_linux.go b/src/runtime/virtcontainers/fs_share_linux.go
index 566f3bdd2d..bb0546675e 100644
--- a/src/runtime/virtcontainers/fs_share_linux.go
+++ b/src/runtime/virtcontainers/fs_share_linux.go
@@ -293,7 +293,7 @@ func (f *FilesystemShare) ShareFile(ctx context.Context, c *Container, m *Mount)
 
 			// Add fsNotify watcher for volume mounts
 			if strings.Contains(srcPath, "kubernetes.io~configmap") ||
-				strings.Contains(srcPath, "kubernetes.io~secrets") ||
+				strings.Contains(srcPath, "kubernetes.io~secret") ||
 				strings.Contains(srcPath, "kubernetes.io~projected") ||
 				strings.Contains(srcPath, "kubernetes.io~downward-api") {