diff --git a/tomb b/tomb
index 7132d27..af55923 100755
--- a/tomb
+++ b/tomb
@@ -138,11 +138,47 @@ check_swap() {
 # Return 2 if swap(s) is(are) used, but ALL encrypted
 local swaps=$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)
 [[ -z "$swaps" ]] && return 0 # No swap partition is active
+ # Check whether all swaps are encrypted, and return 2
+ # If any of the swaps is not encrypted, we bail out and return 1.
+ ret=1
+ for s in $=swaps; do
+ bone=`sudo file $s`
+ if `echo "$bone" | grep 'swap file' &>/dev/null`; then
+ # It's a regular (unencrypted) swap file
+ ret=1
+ break
+ elif `echo "$bone" | grep 'symbolic link' &>/dev/null`; then
+ # Might link to a block
+ ret=1
+ if [ "/dev/mapper" = "${s%/*}" ]; then
+ is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
+ if [ "crypt" = "$is_crypt" ]; then
+ ret=2
+ fi
+ else
+ break
+ fi
+ elif `echo "$bone" | grep 'block special' &>/dev/null`; then
+ # Is a block
+ ret=1
+ is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
+ if [ "crypt" = "$is_crypt" ]; then
+ ret=2
+ else
+ break
+ fi
+ fi
+ done
 no "An active swap partition is detected, this poses security risks."
- no "You can deactivate all swap partitions using the command:"
- no " swapoff -a"
- no "But if you want to proceed like this, use the -f (force) flag."
- die "Operation aborted."
+ if [[ $ret -eq 2 ]]; then
+ yes "All your swaps are belong to crypt. Good."
+ else
+ no "You can deactivate all swap partitions using the command:"
+ no " swapoff -a"
+ no "But if you want to proceed like this, use the -f (force) flag."
+ die "Operation aborted."
+ fi
+ return $ret
 }

 # Ask user for a password
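Review bot: The new loop can finish with `ret=2` even though one of the active swaps was never confirmed as encrypted. In the 'symbolic link' branch, a `/dev/mapper` entry whose `dmsetup status` target is not `crypt` sets `ret=1` but does not `break` (the 'block special' branch does), and a `file` result that matches none of the three patterns leaves `ret` at whatever the previous swap set, so an encrypted swap elsewhere in the list can make check_swap report every swap as encrypted. The loop should fail closed and break with `ret=1` as soon as any swap is not confirmed as a crypt target, as in the excerpt below. `ret`, `s`, `bone` and `is_crypt` are also assigned without `local`, unlike `swaps`, so they leak into the script's global scope. The start of check_swap lies outside the hunk, so whether its callers distinguish the new return value 2 from 1 cannot be checked here.

```shell
# … unchanged: loop header, `file` probe, 'swap file' branch, 'symbolic link' branch up to the crypt comparison …
                    ret=2
                else
                    break   # device-mapper node that is not a crypt target: keep ret=1
                fi
# … unchanged: non-mapper symlink case and the 'block special' branch …
        else
            # `file` output matched none of the three patterns: count this swap as unencrypted
            ret=1
            break
        fi
# … unchanged: done, messages, return $ret …
```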