[linux-lvm] Virtualization and LVM data security
Zdenek Kabelac
zdenek.kabelac at gmail.com
Sat Oct 25 12:50:15 UTC 2014
Dne 24.10.2014 v 19:30 IB Development Team napsal(a):
> Hello,
>
> Is there any way to make LVM2 tools wipe added/freed LV space or plans to add
> such functionality?
>
lvm.conf devices { issue_discard = 1 }
See it that fits your need ?
Note: when using this option - vg/lvremove becomes 'irreversible'operation.
> When LVM based storage is used for guest virtual disks, it is possible that
> after resizing/snapshoting LV, disk data fragments from one guest will be
> visible to other guest, which may cause serious security problems if not wiped
> somehow; some pages with more info in this topic:
>
> http://blog.brightbox.co.uk/posts/secure-virtual-disk-deletion-is-your-data-safe
> http://brightbox.com/blog/2012/04/27/dirty-disks/
> http://docs.openstack.org/security-guide/content/ch046_data-residency.html
>
> Don't know LVM2 internals well but if there is no such functionality in LVM2
> now, maybe adding options like --wipe and --wipe-bandwidth (to allow one to
> control I/O load while wiping) for create/resize/remove/snapshot commands (and
> other maybe if such risk exist there) will be possible in future LVM versions
> to better meet security requirements in virtualized environments?
thin provisioning with zeroing enabled for thin-pool -Zy is likely better option.
There is no extra utility like 'fstrim' from empty space in volume group.
Note: you could obviously implement 'workaround' something like:
lvcreate -l100%FREE -n trim_me vg
blkdiscard /dev/vg/trim_me
(or if disk doesn't support TRIM - dd if=/dev/zero of=/dev/vg/trim_me....)
lvremove vg/trim_me
Zdenek
More information about the linux-lvm
mailing list