[linux-lvm] LVM and RO device/partition(s)
patatetom at gmail.com
Mon Mar 20 16:37:34 UTC 2023
I come back to you with the memo mentioned :
I hope that it will allow you to better understand this problem of
alteration of the disk.
as I mentioned, LVM should normally/theoretically not touch the disk as
long as it is read-only, but what bothers me the most is the fact that I
can't "catch up" by correcting the new 6.1.15 kernel as I did before.
Le lun. 20 mars 2023 à 15:15, lacsaP Patatetom <patatetom at gmail.com> a
> thank you for this first feedback.
> I am writing a memo on github and will communicate the url soon.
> my question is in the context of digital investigation which does not
> admit the alteration of the medium.
> of course, there are combinations (/etc/lvm.conf + snap at nbd for example)
> which allow in fine not to alter the media but I don't understand why a
> media set in read-only mode - eg. chmod 444 + blockdev --setro set before
> LVM process - is not protected against LVM modifications...
> regards, lacsaP.
> Le lun. 20 mars 2023 à 15:00, Zdenek Kabelac <zdenek.kabelac at gmail.com> a
> écrit :
>> Dne 19. 03. 23 v 11:27 Pascal napsal(a):
>> > hi,
>> > the bio_check_ro function of the blk-core.c source file of the Linux
>> > refers to LVM :
>> > how does LVM currently behave when faced with a device marked as
>> readonly ?
>> > does it automatically switch itself in readonly mode?
>> > according to some tests carried out in a virtual machine, it seems that
>> > doesn't and that LVM modifies the disk/partition(s) even though they
>> are all
>> > readonly (chmod 444 && blockdev --setro).
>> There is no extra logic around RO devices in lvm2. When lvm2 succeeds
>> device in write mode, it'll use it for writing.
>> Also note - when you 'activate' a LV in read-write mode - someone opens
>> LV/device and you later on 'lvchange' such active LV to read-only mode -
>> writers will keep writing to such device.
>> It's not quite clear which kind of problem you are actually hitting - so
>> adding some more descriptive environment + logs might give more info
>> your individual case.
>> Note: root admin typically can overwrite any 'mild' protections...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the linux-lvm