Date:	Thu, 06 Mar 2008 08:32:47 -0600
From:	Dave Kleikamp <shaggy@...ux.vnet.ibm.com>
To:	Matthias Koenig <mkoenig@...e.de>
Cc:	"Theodore Ts'o" <tytso@....edu>, ludwig.nussel@...e.de,
	linux-ext4@...r.kernel.org
Subject: Re: [PATCH] [RFC] New fsck option to ignore device-mapper crypto
	devices

On Thu, 2008-03-06 at 14:41 +0100, Matthias Koenig wrote:
> Hi,
> 
> Current practice in defining crypto devices in common distributions
> has:
> 1. A definition of the device-mapper name with the corresponding device
>    in /etc/crypttab
> 2. A definition in /etc/fstab for the mountpoint of the dm device.
> 
> Steps involved in setting up the crypto devices are
> a. fsck local filesystems
> b. mount local filesystems
> c. device-mapper set up of crypto devices
> d. fsck crypto filesystems

How is fsck invoked here?  Does it use the -A flag?

> e. mount crypto filesystems
> 
> Steps a.+b. have to be done before the crypto device setup, because
> the crypto device could be in a file container on a local filesystem.
> 
> Now, the problem appears if /etc/fstab contains a mount point of a
> crypto device which is supposed to be fsck'd in step d.  fsck will
> fail in step a., since this device does not exist at this point in
> the boot process (it will be set up in step c.)

Should field 8 of /etc/fstab (fs_passno) be zero for these mount points?
Is there any reason for it to be anything different?

Alternately, would it make sense to define a special value for this
field that tells fsck to silently ignore it if the device does not
exist?

> In order to address this, I propose a new option for fsck, let's say '-X'.
> Enabling this will skip a device-mapper device which is currently
> nonexistent, but is defined in /etc/crypttab.

Could it be simplified to simply skip non-existent devices?  Should it
really be crypttab-specific?

> In this way crypto devices could be skipped without fsck failure when
> running fsck -A.
> Proposed patch to implement this below.
> 
> Regards,
> Matthias
-- 
David Kleikamp
IBM Linux Technology Center
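
An added example, not part of the message above and not code from e2fsprogs: a shell check for the situation discussed in the thread, listing fstab entries with a nonzero fs_passno whose /dev/mapper device is named in crypttab but does not exist yet. The function name, the ROOT prefix argument and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Report /etc/fstab entries that "fsck -A" (step a) would try to check even
# though their /dev/mapper device is only created in step c from /etc/crypttab.
# Usage: pending_crypt_fsck FSTAB CRYPTTAB [ROOT]
# ROOT is a hypothetical path prefix for device nodes (empty on a live system).
pending_crypt_fsck() {
    fstab=$1; crypttab=$2; root=${3:-}
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        pass == 1 { names[$1] = 1; next }        # crypttab: field 1 is the dm name
        {
            passno = ($6 == "" ? 0 : $6 + 0)     # missing fs_passno means 0
            if (passno == 0) next                # fsck -A skips these entries
            if (index($1, "/dev/mapper/") != 1) next
            name = substr($1, length("/dev/mapper/") + 1)
            if (name in names) print $1, $2, passno
        }
    ' pass=1 "$crypttab" pass=2 "$fstab" |
    while read -r dev mnt passno; do
        # Only devices that do not exist yet are a problem for step a.
        [ -e "$root$dev" ] || printf '%s %s %s\n' "$dev" "$mnt" "$passno"
    done
}

# Constructed sample files (not taken from the thread).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/crypttab" <<'EOF'
# name    device              key
cr_home   /dev/sda3           none
cr_data   /srv/container.img  none
EOF
    cat > "$d/fstab" <<'EOF'
/dev/sda1            /      ext3  defaults  1 1
/dev/mapper/cr_home  /home  ext3  defaults  1 2
/dev/mapper/cr_data  /data  ext3  noauto    0 0
/dev/mapper/vg-var   /var   ext3  defaults  1 2
EOF
    pending_crypt_fsck "$d/fstab" "$d/crypttab" "$d"
    rm -rf "$d"
}
```

On the constructed input, `demo` reports only `/dev/mapper/cr_home`: `cr_data` has fs_passno 0 and `vg-var` is not listed in crypttab.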
