Re: Zeroing out rbd image or volume

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



thanks a lot for all. Looks like dd zero does not help much about improving security, but OSD encryption would be sufficent.

best regards,

Samuel



huxiaoyu@xxxxxxxxxxxx
 
From: Wido den Hollander
Date: 2020-05-12 14:03
To: Paul Emmerich; Dillaman, Jason
CC: Marc Roos; ceph-users
Subject:  Re: Zeroing out rbd image or volume
 
 
On 5/12/20 1:54 PM, Paul Emmerich wrote:
> And many hypervisors will turn writing zeroes into an unmap/trim (qemu
> detect-zeroes=unmap), so running trim on the entire empty disk is often the
> same as writing zeroes.
> So +1 for encryption being the proper way here
> 
 
+1
 
And to add to this: No, a newly created RBD image will never have 'left
over' bits and bytes from a previous RBD image.
 
I had to explain this multiple times to people which were used to old
(i)SCSI setups where partitions could have leftover data from a
previously created LUN.
 
With RBD this won't happen.
 
Wido
 
> 
> Paul
> 
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
 
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux