lomount.c: don't use mlockall if CRYPT_NONE

loop back mounting emits two system calls: mount and mlockall.
mount is obviously needed. mlockall is needed for encryption.
As the result both CAP_SYS_ADMIN and CAP_IPC_LOCK are needed
to do loopback mounting.

The problem is that CAP_IPC_LOCK is always needed through my
command doesn't need encryption.

With the following patch, mount calls mlockall only when
encryption is needed.

Signed-off-by: Masatake YAMATO <jet@gyve.org>

1 files changed, 7 insertions, 6 deletions

diff --git a/mount/lomount.c b/mount/lomount.c
index f8fd0e28d..ae9eb36e7 100644
--- a/mount/lomount.c
+++ b/mount/lomount.c
@@ -311,16 +311,17 @@ set_loop(const char *device, const char *file, unsigned long long offset,
 
 	loopinfo64.lo_offset = offset;
 
-#ifdef MCL_FUTURE  
+#ifdef MCL_FUTURE
 	/*
 	 * Oh-oh, sensitive data coming up. Better lock into memory to prevent
 	 * passwd etc being swapped out and left somewhere on disk.
 	 */
-                                                
-	if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
-		perror("memlock");
-		fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
-		exit(1);
+	if (loopinfo64.lo_encrypt_type != LO_CRYPT_NONE) {
+		if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
+			perror("memlock");
+			fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
+			exit(1);
+		}
 	}
 #endif