[Pkg-ltsp-devel] Bug#690267: ltsp-client: nbd swap files are not removed from the server if swap encryption is enabled
Vagrant Cascadian
vagrant at freegeek.org
Mon Nov 19 20:22:44 UTC 2012
Control: tags 690267 confirmed
Control: severity 690267 important
On Thu, Oct 11, 2012 at 10:41:16PM +0300, George Kiagiadakis wrote:
> NBD swap files seem to be encrypted by default (if no encryption
> option is specified).
> However, the nbd-disconnect script does not handle encrypted swap files.
> Specifically, it tries to do "swapoff /dev/nbd1" where it should actually
> be doing swapoff on /dev/mapper/swap0 and removing the dm-crypt mapping with
> cryptsetup.
>
> The problem is that since nbd-disconnect fails, the swap file is not
> properly removed from the server.
>
> As a workaround, setting ENCRYPT_SWAP=False in lts.conf solves the issue.
Thanks for the report.
I've been trying to debug this, but it seems elusive to me. I can reproduce the
problem, but my attempted fix fails:
=== modified file 'client/share/ltsp/nbd-disconnect'
*** client/share/ltsp/nbd-disconnect 2012-05-14 19:23:51 +0000
--- client/share/ltsp/nbd-disconnect 2012-11-19 20:15:47 +0000
***************
*** 30,39 ****
--- 30,47 ----
case "$device" in
/dev/nbd[1-9])
swapoff "$device"
nbd-client -d "$device"
;;
+ /dev/mapper/swap[0-9])
+ nbd_device=$(cryptsetup status "$device" | egrep 'device:.*/dev/nbd[0-9]' | cut -d : -f 2)
+ if [ -n "$nbd_device" ]; then
+ swapoff "$device"
+ cryptsetup remove "$device"
+ nbd-client -d "$nbd_device"
+ fi
+ ;;
esac
done < /proc/swaps
# If we're not using an nbd root, exit
grep -qw "nbdroot" /proc/cmdline || exit 0
For some reason I can't figure out, the swapoff and "cryptsetup remove"
sucessfully removes the crypted disk, but then the "nbd-client -d" fails... the
nbd module is unloaded at that point.
live well,
vagrant
More information about the Pkg-ltsp-devel
mailing list