storage: Add extra failure condition for luks volume creation

Commit id '5e46d7d6' did not take into account that usage of a luks volume will require usage of the master key encrypted passphrase for a QEMU environment. So rather than allow creation of something that won't be usable, just fail the creation.

storage: Add extra failure condition for luks volume creation
Commit id '5e46d7d6' did not take into account that usage of a luks volume will require usage of the master key encrypted passphrase for a QEMU environment. So rather than allow creation of something that won't be usable, just fail the creation.
30d27f24 · John Ferlan · a53349e6 · 30d27f24
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

src/storage/storage_backend.c src/storage/storage_backend.c +7 -0

未找到文件。
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -56,6 +56,7 @@
 #include "internal.h"
 #include "secret_conf.h"
 #include "secret_util.h"
+#include "vircrypto.h"
 #include "viruuid.h"
 #include "virstoragefile.h"
 #include "storage_backend.h"
@@ -1065,6 +1066,12 @@ virStorageBackendCreateQemuImgCheckEncryption(int format,
                           _("no secret provided for luks encryption"));
            return -1;
        }
+        if (!virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("luks encryption usage requires encrypted "
+                             "secret generation to be supported"));
+            return -1;
+        }
    } else {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                       _("volume encryption unsupported with format %s"), type);