libguestfs/lib/MAX_PROC_NR at 9a3e9a6c03eaffe60196bc4c7ae4699beae01dc3 - libguestfs - Pinfosec

mirrors/libguestfs

mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00

Files

Laszlo Ersek 9a3e9a6c03 introduce the "clevis_luks_unlock" API

Introduce a new guestfs API called "clevis_luks_unlock". At the libguestfs
level, it is quite simple; it wraps the "clevis luks unlock" guest command
(implemented by the "clevis-luks-unlock" executable, which is in fact a
shell script).

The complexity is instead in the network-based disk encryption
(Clevis/Tang) scheme. Useful documentation:

- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening
- https://github.com/latchset/clevis#clevis
- https://github.com/latchset/tang#tang

The package providing "clevis-luks-unlock" is usually called
"clevis-luks", occasionally "clevis". Some distros don't package clevis at
all. Add the new API under a new option group (which may not be available)
called "clevisluks".

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220630122048.19335-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

2022-07-01 15:07:26 +02:00

2 lines

4 B

Plaintext

Raw Blame History

512