From e146a24ff5db9218788e2af0c2ea8603813fa23e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Sun, 10 May 2026 19:03:50 +0200
Subject: [PATCH] rootfs-builder: enable kata-addon-mount@coco.service in systemd targets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Create a symlink to enable kata-addon-mount@coco.service in kata-containers.target.wants during rootfs construction for systemd-based (non-AGENT_INIT) guests. The unit's ConditionPathExists guard ensures it only activates when the virtio-addon-coco block device is actually present in the VM, so enabling it unconditionally in the base image is safe.

Signed-off-by: Fabiano FidĂȘncio
Assisted-by: Cursor
---
 tools/osbuilder/rootfs-builder/rootfs.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index 6e07f1d3c7..40ebd5ba9e 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -791,6 +791,11 @@ EOF
 ln -sf "/usr/lib/systemd/system/kata-containers.target" "${ROOTFS_DIR}/etc/systemd/system/basic.target.wants/kata-containers.target"
 mkdir -p "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants"
 ln -sf "/usr/lib/systemd/system/dbus.socket" "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants/dbus.socket"
+ # Enable the addon mount template for known addon names.
+ # The unit uses ConditionPathExists so it is a no-op when the
+ # addon device is not attached to the VM.
+ ln -sf "/usr/lib/systemd/system/kata-addon-mount@.service" \
+ "${ROOTFS_DIR}/etc/systemd/system/kata-containers.target.wants/kata-addon-mount@coco.service"
 chmod g+rx,o+x "${ROOTFS_DIR}"
 if [[ "${CONFIDENTIAL_GUEST}" == "yes" ]]; then
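Review bot: The added comment treats `ConditionPathExists` as the reason it is safe to enable `kata-addon-mount@coco.service` in every systemd guest, but that guard only tests whether the device node is present, and the host decides whether the device is attached. The symlink is created before the `CONFIDENTIAL_GUEST` check, so it also lands in confidential images, where the host is outside the trust boundary. The unit is not part of this patch, so whether it verifies the addon image before mounting cannot be confirmed here. The comment should state that dependency, e.g. `# ConditionPathExists is a presence check only; the unit itself must verify the addon image before mounting it.` Nothing in the hunk confirms the template is installed in the rootfs either, so a build-time `[[ -e "${ROOTFS_DIR}/usr/lib/systemd/system/kata-addon-mount@.service" ]]` test before the `ln -sf` would catch a dangling link; the enclosing function starts and ends outside the hunk.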