mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
storage: Add extra failure condition for luks volume creation
Commit id '5e46d7d6' did not take into account that usage of a luks volume will require usage of the master key encrypted passphrase for a QEMU environment. So rather than allow creation of something that won't be usable, just fail the creation.
This commit is contained in:
parent
a53349e6c6
commit
30d27f24d8
@ -56,6 +56,7 @@
|
||||
#include "internal.h"
|
||||
#include "secret_conf.h"
|
||||
#include "secret_util.h"
|
||||
#include "vircrypto.h"
|
||||
#include "viruuid.h"
|
||||
#include "virstoragefile.h"
|
||||
#include "storage_backend.h"
|
||||
@ -1065,6 +1066,12 @@ virStorageBackendCreateQemuImgCheckEncryption(int format,
|
||||
_("no secret provided for luks encryption"));
|
||||
return -1;
|
||||
}
|
||||
if (!virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("luks encryption usage requires encrypted "
|
||||
"secret generation to be supported"));
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
|
||||
_("volume encryption unsupported with format %s"), type);
|
||||
|
Loading…
Reference in New Issue
Block a user