2011-04-05 Milan Broz <mbroz@redhat.com>
* Add exception to COPYING for binary distribution linked with OpenSSL library.
+ * Set secure data flag (wipe all ioclt buffers) if devmapper library supports it.
2011-01-29 Milan Broz <mbroz@redhat.com>
* Fix mapping removal if device disappeared but node still exists.
LIBS=$saved_LIBS
LIBS="$LIBS $DEVMAPPER_LIBS"
+AC_CHECK_DECLS([dm_task_secure_data], [], [], [#include <libdevmapper.h>])
AC_CHECK_DECLS([DM_UDEV_DISABLE_DISK_RULES_FLAG], [have_cookie=yes], [have_cookie=no], [#include <libdevmapper.h>])
if test "x$enable_udev" = xyes; then
if test "x$have_cookie" = xno; then
static int _dm_use_count = 0;
static struct crypt_device *_context = NULL;
+/* Check if we have DM flag to instruct kernel to force wipe buffers */
+#if !HAVE_DECL_DM_TASK_SECURE_DATA
+static int dm_task_secure_data(struct dm_task *dmt) { return 1; }
+#endif
+
/* Compatibility for old device-mapper without udev support */
#if HAVE_DECL_DM_UDEV_DISABLE_DISK_RULES_FLAG
#define CRYPT_TEMP_UDEV_FLAGS DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG | \
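Review bot: The fallback `static int dm_task_secure_data(struct dm_task *dmt) { return 1; }` reports success without doing anything, so against a libdevmapper that lacks the call, all three call sites added in this commit proceed as if the ioctl buffers were going to be wiped. The comment above it describes the check rather than that consequence; I would word it as `/* Old libdevmapper: no-op that reports success; ioctl buffers (presumably holding key material) are NOT wiped */`. The configure check `AC_CHECK_DECLS([dm_task_secure_data], [], [], ...)` has empty actions, so such a build gives no indication either; an `AC_MSG_WARN` in the not-found action would make the downgrade visible to packagers. The check only covers the header declaration at build time, and whether the running kernel honours the flag cannot be seen from these hunks.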
goto out_no_removal;
}
+ if (!dm_task_secure_data(dmt))
+ goto out_no_removal;
if (read_only && !dm_task_set_ro(dmt))
goto out_no_removal;
if (!dm_task_add_target(dmt, 0, size, DM_CRYPT_TARGET, params))
if (!(dmt = dm_task_create(DM_DEVICE_TABLE)))
goto out;
+ if (!dm_task_secure_data(dmt))
+ goto out;
if (!dm_task_set_name(dmt, name))
goto out;
r = -ENODEV;
if (!(dmt = dm_task_create(DM_DEVICE_TARGET_MSG)))
return 0;
+ if (!dm_task_secure_data(dmt))
+ goto out;
+
if (name && !dm_task_set_name(dmt, name))
goto out;