error out if dump target is encrypted
We do not support dump to an encrypted disk now, so adding the functions to error out if any of the dump target is encrypted. This patch is based on the check resettable patches from BaoQuan which added some dracut functions for iterating block devices. Currently dracut support an encrypted rootfs, but it need interacive entering passcode. It might be possible to use some keyfile to pass the key checking. But let's fisrtly check and error out. In the future if there's such requirement we can look into it that time. Tested in F18 with encrypted root, encrypted disk other than root and dump_to_rootfs with encrypted root. Signed-off-by: Dave Young <dyoung@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
parent
d9f06888a0
commit
1effb09942
39
mkdumprd
39
mkdumprd
@ -411,6 +411,45 @@ if ! check_resettable; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# $1: maj:min
|
||||||
|
is_crypt()
|
||||||
|
{
|
||||||
|
local majmin=$1 dev line ID_FS_TYPE=""
|
||||||
|
|
||||||
|
line=$(udevadm info --query=property --path=/sys/dev/block/$majmin \
|
||||||
|
| grep "^ID_FS_TYPE")
|
||||||
|
eval "$line"
|
||||||
|
[[ "$ID_FS_TYPE" = "crypto_LUKS" ]] && {
|
||||||
|
dev=$(udevadm info --query=all --path=/sys/dev/block/$majmin | awk -F= '/DEVNAME/{print $2}')
|
||||||
|
perror "Device $dev is encrypted, can not be used in kdump."
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
check_crypt()
|
||||||
|
{
|
||||||
|
local _ret _target
|
||||||
|
|
||||||
|
for_each_block_target is_crypt
|
||||||
|
_ret=$?
|
||||||
|
|
||||||
|
[ $_ret -eq 0 ] && return
|
||||||
|
|
||||||
|
if [ $_ret -eq 1 ]; then
|
||||||
|
_target=$(get_block_dump_target)
|
||||||
|
perror "Can not save vmcore to target device $_target."
|
||||||
|
elif [ $_ret -eq 2 ]; then
|
||||||
|
perror "Default action is dump_to_rootfs but can not save vmcore to root device."
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if ! check_crypt; then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# firstly get right SSH_KEY_LOCATION
|
# firstly get right SSH_KEY_LOCATION
|
||||||
keyfile=$(awk '/^sshkey/ {print $2}' $conf_file)
|
keyfile=$(awk '/^sshkey/ {print $2}' $conf_file)
|
||||||
if [ -f "$keyfile" ]; then
|
if [ -f "$keyfile" ]; then
|
||||||
|
Loading…
Reference in New Issue
Block a user