diff options
author | Masatake YAMATO | 2007-05-08 13:52:18 +0200 |
---|---|---|
committer | Karel Zak | 2007-07-10 14:05:45 +0200 |
commit | d33279c2e3bdaff7a3c9c7f6df60da75d7969ad4 (patch) | |
tree | b779c5b1d19c1adfdb54396afdcf4131747eef26 /mount/lomount.c | |
parent | fdisk: when generating a DOS disk label, give it an ID (diff) | |
download | kernel-qcow2-util-linux-d33279c2e3bdaff7a3c9c7f6df60da75d7969ad4.tar.gz kernel-qcow2-util-linux-d33279c2e3bdaff7a3c9c7f6df60da75d7969ad4.tar.xz kernel-qcow2-util-linux-d33279c2e3bdaff7a3c9c7f6df60da75d7969ad4.zip |
lomount.c: don't use mlockall if CRYPT_NONE
loop back mounting emits two system calls: mount and mlockall.
mount is obviously needed. mlockall is needed for encryption.
As the result both CAP_SYS_ADMIN and CAP_IPC_LOCK are needed
to do loopback mounting.
The problem is that CAP_IPC_LOCK is always needed through my
command doesn't need encryption.
With the following patch, mount calls mlockall only when
encryption is needed.
Signed-off-by: Masatake YAMATO <jet@gyve.org>
Diffstat (limited to 'mount/lomount.c')
-rw-r--r-- | mount/lomount.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/mount/lomount.c b/mount/lomount.c index f8fd0e28d..ae9eb36e7 100644 --- a/mount/lomount.c +++ b/mount/lomount.c @@ -311,16 +311,17 @@ set_loop(const char *device, const char *file, unsigned long long offset, loopinfo64.lo_offset = offset; -#ifdef MCL_FUTURE +#ifdef MCL_FUTURE /* * Oh-oh, sensitive data coming up. Better lock into memory to prevent * passwd etc being swapped out and left somewhere on disk. */ - - if(mlockall(MCL_CURRENT | MCL_FUTURE)) { - perror("memlock"); - fprintf(stderr, _("Couldn't lock into memory, exiting.\n")); - exit(1); + if (loopinfo64.lo_encrypt_type != LO_CRYPT_NONE) { + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + perror("memlock"); + fprintf(stderr, _("Couldn't lock into memory, exiting.\n")); + exit(1); + } } #endif |