[PATCH 3/3] storage: Add extra failure condition for luks volume creation


 



Commit id '5e46d7d6' did not take into account that usage of a luks
volume will require usage of the master key encrypted passphrase for
a QEMU environment.  So rather than allow creation of something that
won't be usable, just fail the creation.

Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
 src/storage/storage_backend.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/storage/storage_backend.c b/src/storage/storage_backend.c
index 6aa5593..862fb29 100644
--- a/src/storage/storage_backend.c
+++ b/src/storage/storage_backend.c
@@ -56,6 +56,7 @@
 #include "internal.h"
 #include "secret_conf.h"
 #include "secret_util.h"
+#include "vircrypto.h"
 #include "viruuid.h"
 #include "virstoragefile.h"
 #include "storage_backend.h"
@@ -1065,6 +1066,12 @@ virStorageBackendCreateQemuImgCheckEncryption(int format,
                            _("no secret provided for luks encryption"));
             return -1;
         }
+        if (!virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("luks encryption usage requires encrypted "
+                             "secret generation to be supported"));
+            return -1;
+        }
     } else {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("volume encryption unsupported with format %s"), type);
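Review bot: The error raised by the new `virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC)` check does not name what is missing. From "requires encrypted secret generation to be supported" an administrator cannot tell that the cause is, presumably, a libvirt build whose crypto backend lacks AES-256-CBC. Naming the cipher would make this fail-closed refusal actionable, e.g. `_("luks encryption requires AES-256-CBC support to encrypt the passphrase for QEMU")`. A short comment above the check would record the reason: `/* QEMU receives the luks passphrase encrypted with its master key; without the cipher the volume could be created but never opened */`. The enclosing function starts and ends outside the hunk, so whether the volume-use path performs the same check cannot be confirmed from here.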
-- 
2.5.5



