[Libguestfs] [PATCH 0/1] WIP: Support LUKS-encrypted partitions
Jan Synacek
jsynacek at redhat.com
Tue Jan 21 14:07:11 UTC 2020
The following patch attempts to implement sparsification of
LUKS-encrypted partitions. It uses lsblk to pair the underlying LUKS
block device with its mapped name. Also, --allow-discards was added
by default to luks_open().
There are several potential issues that I can think of:
1) If and entire device is encrypted (not just one of more partitions),
the lsblk trick might not work.
2) The --allow-discards is needed to be able to run fstrim on a
decrypted partition. I *think* that it's safe to be added
unconditionally, but I'm not sure. It might be better to just add
another luks_open() variant that uses the option.
3) As it is right now, lsblk is called for every crypto_LUKS device to
see if a corresponding mapping had been created. I *think* it's good
enough, but keeping a list of (blkdev, mapname) in the daemon memory
and adding an API call to retrieve it might be better.
Comments and pointers on how to proceed further are appreciated.
Jan Synacek (1):
WIP: sparsify: Support LUKS-encrypted partitions
daemon/listfs.ml | 18 +++++++++++++++---
daemon/luks.c | 1 +
2 files changed, 16 insertions(+), 3 deletions(-)
--
2.24.1
More information about the Libguestfs
mailing list