journal: set secure deletion flags for FSS file

This commit is contained in:
Lennart Poettering 2012-08-17 22:10:11 +02:00
parent 6c7be122ac
commit f982e6f761
2 changed files with 15 additions and 1 deletions

2
TODO
View File

@ -49,6 +49,8 @@ Bugfixes:
Features:
* man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments
* shutdown: don't read-only mount anything when running in container
* nspawn: --read-only is not applied recursively to submounts

View File

@ -30,6 +30,8 @@
#include <time.h>
#include <getopt.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <linux/fs.h>
#include <systemd/sd-journal.h>
@ -453,7 +455,7 @@ static int setup_keys(void) {
size_t mpk_size, seed_size, state_size, i;
uint8_t *mpk, *seed, *state;
ssize_t l;
int fd = -1, r;
int fd = -1, r, attr = 0;
sd_id128_t machine, boot;
char *p = NULL, *k = NULL;
struct FSSHeader h;
@ -530,6 +532,16 @@ static int setup_keys(void) {
goto finish;
}
/* Enable secure remove, exclusion from dump, synchronous
* writing and in-place updating */
if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
log_warning("FS_IOC_GETFLAGS failed: %m");
attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
log_warning("FS_IOC_SETFLAGS failed: %m");
zero(h);
memcpy(h.signature, "KSHHRHLP", 8);
h.machine_id = machine;