Bug#371135: [Pkg-cryptsetup-devel] Bug#371135: encrypted swap with
variable key fails
Jonas Meurer
jonas at freesources.org
Fri Jun 23 14:00:18 UTC 2006
On 22/06/2006 Florian Weimer wrote:
> * Jonas Meurer:
>
> > why do you see any problems? it does nothing else than checking for a
> > known filesystem before destroying any data on the source device.
>
> The current setup doesn't work with volume managers and things like
> that. These don't have any partition types AFAIK. Most people will
> call the volume something which contains the string "swap", I guess,
> so you could use that to check. Or just note the expected volume size
> in the configuration file.
how do you mean? even if the source device is a logical volume, it may
contain a filesystem.
or do you mean the old swap check script which checked for partition
type 'swap'? this one doesn't exist in current cryptsetup any more.
but here, you're right as it fails for logical volumes.
the latest plan for swap encrypted with a random key is to check per
default for known filesystems on the source device, and fail if one
is found. this protects filesystems, uncrypted swap partitions and LUKS
devices from being overwritten.
the only cases that are known to me, where data loss may still occur
are encrypted devices without an identifying header, like plain dm-crypt
devices.
i don't like the idea to check for string 'swap' in the source or target
device, as this would enforce even more restrictions to the admin.
...
jonas
More information about the Pkg-cryptsetup-devel
mailing list