Modify virStorageBackendLogicalLVCreate to ensure if encryption is requested that only type LUKS is supported; otherwise, error. Signed-off-by: John Ferlan <jferlan@redhat.com> --- src/storage/storage_backend_logical.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/storage/storage_backend_logical.c b/src/storage/storage_backend_logical.c index edd4971f1f..67ca7f514d 100644 --- a/src/storage/storage_backend_logical.c +++ b/src/storage/storage_backend_logical.c @@ -938,6 +938,13 @@ virStorageBackendLogicalLVCreate(virStorageVolDefPtr vol, unsigned long long capacity = vol->target.capacity; virCommandPtr cmd = NULL; + if (vol->target.encryption && + vol->target.encryption->format != VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("storage pool only supports LUKS encrypted volumes")); + return -1; + } + cmd = virCommandNewArgList(LVCREATE, "--name", vol->name, NULL); @@ -953,8 +960,7 @@ virStorageBackendLogicalLVCreate(virStorageVolDefPtr vol, /* If we're going to encrypt using LUKS, then we could need up to * an extra 2MB for the LUKS header - so account for that now */ - if (vol->target.encryption && - vol->target.encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) + if (vol->target.encryption) capacity += 2 * 1024 * 1024; virCommandAddArgFormat(cmd, "%lluK", VIR_DIV_UP(capacity, 1024)); -- 2.14.3