Commit 0b5418c0 authored by Milan Broz's avatar Milan Broz

Use secure data bit for dm-ioctl if supported.

git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@434 36d66b0a-2a48-0410-832c-cd162a569da5
parent 3e6935b7
2011-04-05 Milan Broz <mbroz@redhat.com>
* Add exception to COPYING for binary distribution linked with OpenSSL library.
* Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
2011-01-29 Milan Broz <mbroz@redhat.com>
* Fix mapping removal if device disappeared but node still exists.
......
......@@ -152,6 +152,7 @@ PKG_CHECK_MODULES([DEVMAPPER], [devmapper >= 1.02.03],, [
LIBS=$saved_LIBS
LIBS="$LIBS $DEVMAPPER_LIBS"
AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
if test "x$enable_udev" = xyes; then
if test "x$have_cookie" = xno; then
......
......@@ -25,6 +25,11 @@ static uint32_t _dm_crypt_flags = 0;
static int _dm_use_count = 0;
static struct crypt_device *_context = NULL;
/* Check if we have DM flag to instruct kernel to force wipe buffers */
#if !HAVE_DECL_DM_TASK_SECURE_DATA
static int dm_task_secure_data(struct dm_task *dmt) { return 1; }
#endif
/* Compatibility for old device-mapper without udev support */
#if HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG
#define CRYPT_TEMP_UDEV_FLAGS DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG | \
......@@ -469,6 +474,8 @@ int dm_create_device(const char *name,
goto out_no_removal;
}
if (!dm_task_secure_data(dmt))
goto out_no_removal;
if (read_only && !dm_task_set_ro(dmt))
goto out_no_removal;
if (!dm_task_add_target(dmt, 0, size, DM_CRYPT_TARGET, params))
......@@ -593,6 +600,8 @@ int dm_query_device(const char *name,
if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
goto out;
if (!dm_task_secure_data(dmt))
goto out;
if (!dm_task_set_name(dmt, name))
goto out;
r = -ENODEV;
......@@ -698,6 +707,9 @@ static int _dm_message(const char *name, const char *msg)
if (!(dmt = dm_task_create(DM_DEVICE_TARGET_MSG)))
return 0;
if (!dm_task_secure_data(dmt))
goto out;
if (name && !dm_task_set_name(dmt, name))
goto out;
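Review bot: The fallback `dm_task_secure_data()` stub under `#if !HAVE_DECL_DM_TASK_SECURE_DATA` returns 1, so with an older libdevmapper the new checks in dm_create_device, dm_query_device and _dm_message all pass while the ioctl buffers, which may carry key material, are not wiped, and nothing records that. I would state this at the stub, e.g. `/* libdevmapper lacks dm_task_secure_data(): no-op that reports success; ioctl buffers are NOT wiped */`, and consider a one-time debug log so a build without the protection shows up in diagnostics. The configure check is compile-time only; whether the running kernel honours the flag is presumably handled inside libdevmapper, which is worth confirming. Other dm_task_create() call sites lie outside the displayed hunks, and the three functions touched here continue beyond them, so any remaining task that passes or returns a table containing the key should be checked for the same call.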
......