[kexec-tools] error out if dump target is encrypted

Baoquan He baoquan at fedoraproject.org
Thu Apr 11 09:05:19 UTC 2013


commit 1effb099424eab42720485477e56fab8d1bff2de
Author: dyoung at redhat.com <dyoung at redhat.com>
Date:   Fri Mar 29 16:25:39 2013 +0800

    error out if dump target is encrypted
    
    We do not support dump to an encrypted disk now, so adding the functions to
    error out if any of the dump target is encrypted.
    
    This patch is based on the check resettable patches from BaoQuan which added
    some dracut functions for iterating block devices.
    
    Currently dracut supports an encrypted rootfs, but it needs the passcode to be
    entered interactively. It might be possible to use a keyfile to pass the key
    check. But let's firstly check and error out. In the future, if there is such
    a requirement, we can look into it at that time.
    
    Tested in F18 with encrypted root, encrypted disk other than root and
    dump_to_rootfs with encrypted root.
    
    Signed-off-by: Dave Young <dyoung at redhat.com>
    Acked-by: Vivek Goyal <vgoyal at redhat.com>

 mkdumprd |   39 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 39 insertions(+), 0 deletions(-)
---
diff --git a/mkdumprd b/mkdumprd
index c85fe2a..0be02f6 100644
--- a/mkdumprd
+++ b/mkdumprd
@@ -411,6 +411,45 @@ if ! check_resettable; then
     exit 1
 fi
 
+# $1: maj:min
+is_crypt()
+{
+    local majmin=$1 dev line ID_FS_TYPE=""
+
+    line=$(udevadm info --query=property --path=/sys/dev/block/$majmin \
+            | grep "^ID_FS_TYPE")
+    eval "$line"
+    [[ "$ID_FS_TYPE" = "crypto_LUKS" ]] && {
+        dev=$(udevadm info --query=all --path=/sys/dev/block/$majmin | awk -F= '/DEVNAME/{print $2}')
+        perror "Device $dev is encrypted, can not be used in kdump."
+        return 0
+    }
+    return 1
+}
+
+check_crypt()
+{
+    local _ret _target
+
+    for_each_block_target is_crypt
+    _ret=$?
+
+    [ $_ret -eq 0 ] && return
+
+    if [ $_ret -eq 1 ]; then
+        _target=$(get_block_dump_target)
+        perror "Can not save vmcore to target device $_target."
+    elif [ $_ret -eq 2 ]; then
+        perror "Default action is dump_to_rootfs but can not save vmcore to root device."
+    fi
+
+    return 1
+}
+
+if ! check_crypt; then
+    exit 1
+fi
+
 # firstly get right SSH_KEY_LOCATION
 keyfile=$(awk '/^sshkey/ {print $2}' $conf_file)
 if [ -f "$keyfile" ]; then
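Review bot: `eval "$line"` in is_crypt runs whatever text `udevadm info --query=property` printed for the matched line as shell code, although the value is only ever compared against a string. The pattern `grep "^ID_FS_TYPE"` is also a prefix match, so any other property whose name starts with that prefix would be evaluated too. Anchoring the match as `grep "^ID_FS_TYPE="` and assigning with `ID_FS_TYPE=${line#ID_FS_TYPE=}` removes the eval, and both udevadm calls should quote the path as `"--path=/sys/dev/block/$majmin"`. Separately, the check recognises only `crypto_LUKS`, so an encrypted target that carries no LUKS signature (plain dm-crypt, presumably) would not be rejected; a comment above is_crypt such as `# Only LUKS-formatted devices are detected; header-less encryption is not.` would make that limit explicit.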

