journal: set secure deletion flags for FSS file

This commit is contained in:
Lennart Poettering 2012-08-17 22:10:11 +02:00
parent 6c7be122ac
commit f982e6f761
2 changed files with 15 additions and 1 deletions

2
TODO
View File

@ -49,6 +49,8 @@ Bugfixes:
Features: Features:
* man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments
* shutdown: don't read-only mount anything when running in container * shutdown: don't read-only mount anything when running in container
* nspawn: --read-only is not applied recursively to submounts * nspawn: --read-only is not applied recursively to submounts

View File

@ -30,6 +30,8 @@
#include <time.h> #include <time.h>
#include <getopt.h> #include <getopt.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/ioctl.h>
#include <linux/fs.h>
#include <systemd/sd-journal.h> #include <systemd/sd-journal.h>
@ -453,7 +455,7 @@ static int setup_keys(void) {
size_t mpk_size, seed_size, state_size, i; size_t mpk_size, seed_size, state_size, i;
uint8_t *mpk, *seed, *state; uint8_t *mpk, *seed, *state;
ssize_t l; ssize_t l;
int fd = -1, r; int fd = -1, r, attr = 0;
sd_id128_t machine, boot; sd_id128_t machine, boot;
char *p = NULL, *k = NULL; char *p = NULL, *k = NULL;
struct FSSHeader h; struct FSSHeader h;
@ -530,6 +532,16 @@ static int setup_keys(void) {
goto finish; goto finish;
} }
/* Enable secure remove, exclusion from dump, synchronous
* writing and in-place updating */
if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
log_warning("FS_IOC_GETFLAGS failed: %m");
attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
log_warning("FS_IOC_SETFLAGS failed: %m");
zero(h); zero(h);
memcpy(h.signature, "KSHHRHLP", 8); memcpy(h.signature, "KSHHRHLP", 8);
h.machine_id = machine; h.machine_id = machine;