Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-10-07 08:08:32 -04:00
Code Issues Projects Releases Packages Wiki Activity

Enable cryptsetup read/write workqueue bypass (#1150)

Browse source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-02-08 12:01:14 +01:00 committed by GitHub
parent 821f87b7be
commit 68ce23b909
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

7
csi/cryptmapper/cryptmapper.go
View file

@ -18,6 +18,7 @@ import (
"time"
"github.com/edgelesssys/constellation/v2/internal/crypto"
ccryptsetup "github.com/edgelesssys/constellation/v2/internal/cryptsetup"
cryptsetup "github.com/martinjungblut/go-cryptsetup"
mount "k8s.io/mount-utils"
utilexec "k8s.io/utils/exec"
@ -296,7 +297,7 @@ func openCryptDevice(ctx context.Context, device DeviceMapper, source, volumeID
}
}
if err := device.ActivateByPassphrase(volumeID, 0, string(passphrase), 0); err != nil {
if err := device.ActivateByPassphrase(volumeID, 0, string(passphrase), ccryptsetup.ReadWriteQueueBypass); err != nil {
return "", fmt.Errorf("trying to activate dm-crypt volume: %w", err)
}
@ -368,8 +369,8 @@ func resizeCryptDevice(ctx context.Context, device DeviceMapper, name string,
return fmt.Errorf("getting key: %w", err)
}
if err := device.ActivateByPassphrase("", 0, string(passphrase), cryptsetup.CRYPT_ACTIVATE_KEYRING_KEY); err != nil {
return fmt.Errorf("activating keyrung for crypt device %q with passphrase: %w", name, err)
if err := device.ActivateByPassphrase("", 0, string(passphrase), cryptsetup.CRYPT_ACTIVATE_KEYRING_KEY|ccryptsetup.ReadWriteQueueBypass); err != nil {
return fmt.Errorf("activating keyring for crypt device %q with passphrase: %w", name, err)
}
if err := device.Resize(name, 0); err != nil {