[linux-lvm] Virtualization and LVM data security
IB Development Team
dev at ib.pl
Sat Oct 25 17:38:39 UTC 2014
W dniu 2014-10-25 o 14:50, Zdenek Kabelac pisze:
>> Is there any way to make LVM2 tools wipe added/freed LV space or plans to add
>> such functionality?
> lvm.conf devices { issue_discard = 1 }
>
> See it that fits your need ?
> Note: when using this option - vg/lvremove becomes 'irreversible'operation.
issue_discard seems to require "underlying storage support" which is probably not available in
common RAID/SATA/SAS/DRBD scenarios. Universal, open (source) solution would be better here probably
(with hardware alternatives where possible).
>> When LVM based storage is used for guest virtual disks, it is possible that
>> after resizing/snapshoting LV, disk data fragments from one guest will be
>> visible to other guest, which may cause serious security problems if not wiped
>> somehow[...]
> thin provisioning with zeroing enabled for thin-pool -Zy is likely better option.
Sounds interesting. Is it stable solution for production systems? Does it perform not worse than
"regular" preallocated LV?
> Note: you could obviously implement 'workaround' something like:
>
> lvcreate -l100%FREE -n trim_me vg
> blkdiscard /dev/vg/trim_me
> (or if disk doesn't support TRIM - dd if=/dev/zero of=/dev/vg/trim_me....)
> lvremove vg/trim_me
If I understand correctly, in this scenario, guest data may still be present outside "cleaned" LV
(i.e. data that was saved outside LV in snapshot LV during backups). If so - cleaning should be
probably done transparently by LVM "software" layer, even without "underlying storage support".
Regards,
Pawel
IB Development Team
https://dev.ib.pl/
More information about the linux-lvm
mailing list