Max Vozeler wrote:
> I'm looking for a user-friendly way to manage automated fsck of
> encrypted loop devices during boot. The current way of managing
> fscks (losetup -F, fsck, losetup -d, mount) has one big downside
> from a usability perspective: It requires the user to enter the
> passphrase twice each time the system boots.
>
> Today I thought of something else that could work, I'm attaching
> a quick proof-of-concept patch to describe it. The idea is that we
> could do losetup -F, fsck, leave the loop device allocated and have
> mount later re-use the loop device. It would require no changes
> apart from an optional init script to take care of the fsck.
>
> What do you think about this approach?

Cool. But mount code needs one more check: it must make sure that the loop
backing device is exactly the one it is supposed to be. Not checking that
could be a security hole. It also prevents "pilot errors" that occasionally
happen, even to me. Mount refusing to mount because a loop device was
already in other use has saved my ass multiple times. :)

--
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
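
The backing-device check asked for in the reply above, as an added example (not code from this thread, the attached patch, or mount/losetup): before re-using an already-allocated loop device, compare the backing file identity the kernel reports through `LOOP_GET_STATUS64` with the file the caller expects. The function names and the `offset` parameter are assumptions of this example.

```c
#include <fcntl.h>
#include <linux/loop.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pure comparison: does the loop status describe exactly this file?
 * lo_device/lo_inode identify the backing file; the offset must match too,
 * because the same file at another offset is a different view of the data. */
int loop_info_matches(const struct loop_info64 *li, const struct stat *st,
                      unsigned long long offset)
{
    return li->lo_device == (unsigned long long)st->st_dev &&
           li->lo_inode == (unsigned long long)st->st_ino &&
           li->lo_offset == offset;
}

/* Returns 1 if loopdev is bound to `file` at `offset`, 0 if it is bound to
 * something else, -1 if it is unbound or cannot be queried. */
int loop_backing_is(const char *loopdev, const char *file,
                    unsigned long long offset)
{
    struct loop_info64 li;
    struct stat st, dev;
    int fd, rc = -1;

    memset(&li, 0, sizeof li);
    if (stat(file, &st) != 0)
        return -1;
    fd = open(loopdev, O_RDONLY);
    if (fd < 0)
        return -1;
    /* Only query block devices; the ioctl fails on an unbound loop device. */
    if (fstat(fd, &dev) == 0 && S_ISBLK(dev.st_mode) &&
        ioctl(fd, LOOP_GET_STATUS64, &li) == 0)
        rc = loop_info_matches(&li, &st, offset);
    close(fd);
    return rc;
}

/* Exit status 0 only when the loop device is bound to the expected file. */
int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;
    return loop_backing_is(argv[1], argv[2], 0) == 1 ? 0 : 1;
}
```

A caller would re-use the device only when the result is 1 and treat both 0 and -1 as a refusal.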