From d33279c2e3bdaff7a3c9c7f6df60da75d7969ad4 Mon Sep 17 00:00:00 2001 From: Masatake YAMATO Date: Tue, 8 May 2007 11:52:18 +0000 Subject: [PATCH] lomount.c: don't use mlockall if CRYPT_NONE loop back mounting emits two system calls: mount and mlockall. mount is obviously needed. mlockall is needed for encryption. As the result both CAP_SYS_ADMIN and CAP_IPC_LOCK are needed to do loopback mounting. The problem is that CAP_IPC_LOCK is always needed through my command doesn't need encryption. With the following patch, mount calls mlockall only when encryption is needed. Signed-off-by: Masatake YAMATO --- mount/lomount.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/mount/lomount.c b/mount/lomount.c index f8fd0e28..ae9eb36e 100644 --- a/mount/lomount.c +++ b/mount/lomount.c @@ -311,16 +311,17 @@ set_loop(const char *device, const char *file, unsigned long long offset, loopinfo64.lo_offset = offset; -#ifdef MCL_FUTURE +#ifdef MCL_FUTURE /* * Oh-oh, sensitive data coming up. Better lock into memory to prevent * passwd etc being swapped out and left somewhere on disk. */ - - if(mlockall(MCL_CURRENT | MCL_FUTURE)) { - perror("memlock"); - fprintf(stderr, _("Couldn't lock into memory, exiting.\n")); - exit(1); + if (loopinfo64.lo_encrypt_type != LO_CRYPT_NONE) { + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + perror("memlock"); + fprintf(stderr, _("Couldn't lock into memory, exiting.\n")); + exit(1); + } } #endif -- 2.39.5