mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
core: fix loading verity settings for MountImages=
The MountEntry logic was refactored to store the verity
settings, and updated for ExtensionImages=, but not for
MountImages=.
Follow-up for a1a40297db
This commit is contained in:
parent
783f794e89
commit
59a83e1188
@ -480,20 +480,28 @@ static int append_bind_mounts(MountList *ml, const BindMount *binds, size_t n) {
|
||||
}
|
||||
|
||||
static int append_mount_images(MountList *ml, const MountImage *mount_images, size_t n) {
|
||||
int r;
|
||||
|
||||
assert(ml);
|
||||
assert(mount_images || n == 0);
|
||||
|
||||
FOREACH_ARRAY(m, mount_images, n) {
|
||||
_cleanup_(verity_settings_done) VeritySettings verity = VERITY_SETTINGS_DEFAULT;
|
||||
MountEntry *me = mount_list_extend(ml);
|
||||
if (!me)
|
||||
return log_oom_debug();
|
||||
|
||||
r = verity_settings_load(&verity, m->source, /* root_hash_path= */ NULL, /* root_hash_sig_path= */ NULL);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to check verity root hash of %s: %m", m->source);
|
||||
|
||||
*me = (MountEntry) {
|
||||
.path_const = m->destination,
|
||||
.mode = MOUNT_IMAGE,
|
||||
.source_const = m->source,
|
||||
.image_options_const = m->mount_options,
|
||||
.ignore = m->ignore_enoent,
|
||||
.verity = TAKE_GENERIC(verity, VeritySettings, VERITY_SETTINGS_DEFAULT),
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -281,6 +281,9 @@ systemd-run -P \
|
||||
-p RootHash="$MINIMAL_IMAGE_ROOTHASH" \
|
||||
-p MountImages="$MINIMAL_IMAGE.gpt:/run/img1 $MINIMAL_IMAGE.raw:/run/img2" \
|
||||
cat /run/img2/usr/lib/os-release | grep -q -F "MARKER=1"
|
||||
systemd-run -P \
|
||||
-p MountImages="$MINIMAL_IMAGE.raw:/run/img2" \
|
||||
veritysetup status "${MINIMAL_IMAGE_ROOTHASH}-verity" | grep -q "${MINIMAL_IMAGE_ROOTHASH}"
|
||||
cat >/run/systemd/system/testservice-50c.service <<EOF
|
||||
[Service]
|
||||
MountAPIVFS=yes
|
||||
|
Loading…
Reference in New Issue
Block a user