[kexec-tools] error out if dump target is encrypted
Baoquan He
baoquan at fedoraproject.org
Thu Apr 11 09:05:19 UTC 2013
commit 1effb099424eab42720485477e56fab8d1bff2de
Author: dyoung at redhat.com <dyoung at redhat.com>
Date: Fri Mar 29 16:25:39 2013 +0800
error out if dump target is encrypted
We do not support dump to an encrypted disk now, so adding the functions to
error out if any of the dump target is encrypted.
This patch is based on the check resettable patches from BaoQuan which added
some dracut functions for iterating block devices.
Currently dracut support an encrypted rootfs, but it need interacive entering
passcode. It might be possible to use some keyfile to pass the key checking.
But let's fisrtly check and error out. In the future if there's such
requirement we can look into it that time.
Tested in F18 with encrypted root, encrypted disk other than root and
dump_to_rootfs with encrypted root.
Signed-off-by: Dave Young <dyoung at redhat.com>
Acked-by: Vivek Goyal <vgoyal at redhat.com>
mkdumprd | 39 +++++++++++++++++++++++++++++++++++++++
1 files changed, 39 insertions(+), 0 deletions(-)
---
diff --git a/mkdumprd b/mkdumprd
index c85fe2a..0be02f6 100644
--- a/mkdumprd
+++ b/mkdumprd
@@ -411,6 +411,45 @@ if ! check_resettable; then
exit 1
fi
+# $1: maj:min
+is_crypt()
+{
+ local majmin=$1 dev line ID_FS_TYPE=""
+
+ line=$(udevadm info --query=property --path=/sys/dev/block/$majmin \
+ | grep "^ID_FS_TYPE")
+ eval "$line"
+ [[ "$ID_FS_TYPE" = "crypto_LUKS" ]] && {
+ dev=$(udevadm info --query=all --path=/sys/dev/block/$majmin | awk -F= '/DEVNAME/{print $2}')
+ perror "Device $dev is encrypted, can not be used in kdump."
+ return 0
+ }
+ return 1
+}
+
+check_crypt()
+{
+ local _ret _target
+
+ for_each_block_target is_crypt
+ _ret=$?
+
+ [ $_ret -eq 0 ] && return
+
+ if [ $_ret -eq 1 ]; then
+ _target=$(get_block_dump_target)
+ perror "Can not save vmcore to target device $_target."
+ elif [ $_ret -eq 2 ]; then
+ perror "Default action is dump_to_rootfs but can not save vmcore to root device."
+ fi
+
+ return 1
+}
+
+if ! check_crypt; then
+ exit 1
+fi
+
# firstly get right SSH_KEY_LOCATION
keyfile=$(awk '/^sshkey/ {print $2}' $conf_file)
if [ -f "$keyfile" ]; then
More information about the scm-commits
mailing list