From 1effb099424eab42720485477e56fab8d1bff2de Mon Sep 17 00:00:00 2001 From: "dyoung@redhat.com" Date: Fri, 29 Mar 2013 16:25:39 +0800 Subject: [PATCH] error out if dump target is encrypted We do not support dump to an encrypted disk now, so adding the functions to error out if any of the dump target is encrypted. This patch is based on the check resettable patches from BaoQuan which added some dracut functions for iterating block devices. Currently dracut support an encrypted rootfs, but it need interacive entering passcode. It might be possible to use some keyfile to pass the key checking. But let's fisrtly check and error out. In the future if there's such requirement we can look into it that time. Tested in F18 with encrypted root, encrypted disk other than root and dump_to_rootfs with encrypted root. Signed-off-by: Dave Young Acked-by: Vivek Goyal --- mkdumprd | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/mkdumprd b/mkdumprd index c85fe2a..0be02f6 100644 --- a/mkdumprd +++ b/mkdumprd @@ -411,6 +411,45 @@ if ! check_resettable; then exit 1 fi +# $1: maj:min +is_crypt() +{ + local majmin=$1 dev line ID_FS_TYPE="" + + line=$(udevadm info --query=property --path=/sys/dev/block/$majmin \ + | grep "^ID_FS_TYPE") + eval "$line" + [[ "$ID_FS_TYPE" = "crypto_LUKS" ]] && { + dev=$(udevadm info --query=all --path=/sys/dev/block/$majmin | awk -F= '/DEVNAME/{print $2}') + perror "Device $dev is encrypted, can not be used in kdump." + return 0 + } + return 1 +} + +check_crypt() +{ + local _ret _target + + for_each_block_target is_crypt + _ret=$? + + [ $_ret -eq 0 ] && return + + if [ $_ret -eq 1 ]; then + _target=$(get_block_dump_target) + perror "Can not save vmcore to target device $_target." + elif [ $_ret -eq 2 ]; then + perror "Default action is dump_to_rootfs but can not save vmcore to root device." + fi + + return 1 +} + +if ! check_crypt; then + exit 1 +fi + # firstly get right SSH_KEY_LOCATION keyfile=$(awk '/^sshkey/ {print $2}' $conf_file) if [ -f "$keyfile" ]; then