github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Implement fsverity functionality

Browse Source 
Implement calls to the fsverity kernel module, allowing containerd to
enable fsverity on blob data in the content store. This causes fsverity
to veirfy the integrity of blob data when the blob is read.

Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
This commit is contained in:
James Jenkins
2024-01-09 10:43:13 -05:00
parent b0d00f8636
commit ef98c71985
6 changed files with 430 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
plugins/content/local/store_test.go
View File

@@ -35,6 +35,7 @@ import (
"github.com/containerd/containerd/v2/core/content"
"github.com/containerd/containerd/v2/core/content/testsuite"
"github.com/containerd/containerd/v2/internal/randutil"
"github.com/containerd/containerd/v2/pkg/fsverity"
"github.com/containerd/containerd/v2/pkg/testutil"
"github.com/containerd/errdefs"
@@ -193,6 +194,18 @@ func TestContentWriter(t *testing.T) {
t.Fatal("mismatched data written to disk")
}
// ensure fsverity is enabled on blob if fsverity is supported
ok, err := fsverity.IsSupported(tmpdir)
if !ok || err != nil {
t.Log("fsverity not supported, skipping fsverity check")
return
}
ok, err = fsverity.IsEnabled(path)
if !ok || err != nil {
t.Fatal(err)
}
}
func TestWalkBlobs(t *testing.T) {