lomount.c: don't use mlockall if CRYPT_NONE

loop back mounting emits two system calls: mount and mlockall.
mount is obviously needed. mlockall is needed for encryption.
As the result both CAP_SYS_ADMIN and CAP_IPC_LOCK are needed
to do loopback mounting.

The problem is that CAP_IPC_LOCK is always needed through my
command doesn't need encryption.

With the following patch, mount calls mlockall only when
encryption is needed.

Signed-off-by: Masatake YAMATO <jet@gyve.org>

diff --git a/mount/lomount.c b/mount/lomount.c
index f8fd0e28d10270ba89b8b62ea0160d13d4528c62..ae9eb36e73608473436b34280e7788688747178f 100644 (file)
--- a/mount/lomount.c
+++ b/mount/lomount.c
@@ -311,16 +311,17 @@ set_loop(const char *device, const char *file, unsigned long long offset,
 
        loopinfo64.lo_offset = offset;
 
-#ifdef MCL_FUTURE  
+#ifdef MCL_FUTURE
        /*
         * Oh-oh, sensitive data coming up. Better lock into memory to prevent
         * passwd etc being swapped out and left somewhere on disk.
         */
-                                                
-       if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
-               perror("memlock");
-               fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
-               exit(1);
+       if (loopinfo64.lo_encrypt_type != LO_CRYPT_NONE) {
+               if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
+                       perror("memlock");
+                       fprintf(stderr, _("Couldn't lock into memory, exiting.\n"));
+                       exit(1);
+               }
        }
 #endif