error out if dump target is encrypted

We do not support dump to an encrypted disk now, so adding the functions to
error out if any of the dump target is encrypted.

This patch is based on the check resettable patches from BaoQuan which added
some dracut functions for iterating block devices.

Currently dracut support an encrypted rootfs, but it need interacive entering
passcode. It might be possible to use some keyfile to pass the key checking.
But let's fisrtly check and error out. In the future if there's such
requirement we can look into it that time.

Tested in F18 with encrypted root, encrypted disk other than root and
dump_to_rootfs with encrypted root.

Signed-off-by: Dave Young <dyoung@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
dyoung@redhat.com 2013-03-29 16:25:39 +08:00 committed by Baoquan He
parent d9f06888a0
commit 1effb09942

View File

@ -411,6 +411,45 @@ if ! check_resettable; then
exit 1 exit 1
fi fi
# $1: maj:min
is_crypt()
{
local majmin=$1 dev line ID_FS_TYPE=""
line=$(udevadm info --query=property --path=/sys/dev/block/$majmin \
| grep "^ID_FS_TYPE")
eval "$line"
[[ "$ID_FS_TYPE" = "crypto_LUKS" ]] && {
dev=$(udevadm info --query=all --path=/sys/dev/block/$majmin | awk -F= '/DEVNAME/{print $2}')
perror "Device $dev is encrypted, can not be used in kdump."
return 0
}
return 1
}
check_crypt()
{
local _ret _target
for_each_block_target is_crypt
_ret=$?
[ $_ret -eq 0 ] && return
if [ $_ret -eq 1 ]; then
_target=$(get_block_dump_target)
perror "Can not save vmcore to target device $_target."
elif [ $_ret -eq 2 ]; then
perror "Default action is dump_to_rootfs but can not save vmcore to root device."
fi
return 1
}
if ! check_crypt; then
exit 1
fi
# firstly get right SSH_KEY_LOCATION # firstly get right SSH_KEY_LOCATION
keyfile=$(awk '/^sshkey/ {print $2}' $conf_file) keyfile=$(awk '/^sshkey/ {print $2}' $conf_file)
if [ -f "$keyfile" ]; then if [ -f "$keyfile" ]; then