Support encrypted swap

This commit is contained in:
hellekin 2013-12-16 17:41:49 -03:00
parent 0e49dfc7a0
commit 7f2fd4d60c

36
tomb
View File

@ -138,11 +138,47 @@ check_swap() {
# Return 2 if swap(s) is(are) used, but ALL encrypted # Return 2 if swap(s) is(are) used, but ALL encrypted
local swaps=$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null) local swaps=$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)
[[ -z "$swaps" ]] && return 0 # No swap partition is active [[ -z "$swaps" ]] && return 0 # No swap partition is active
# Check whether all swaps are encrypted, and return 2
# If any of the swaps is not encrypted, we bail out and return 1.
ret=1
for s in $=swaps; do
bone=`sudo file $s`
if `echo "$bone" | grep 'swap file' &>/dev/null`; then
# It's a regular (unencrypted) swap file
ret=1
break
elif `echo "$bone" | grep 'symbolic link' &>/dev/null`; then
# Might link to a block
ret=1
if [ "/dev/mapper" = "${s%/*}" ]; then
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
if [ "crypt" = "$is_crypt" ]; then
ret=2
fi
else
break
fi
elif `echo "$bone" | grep 'block special' &>/dev/null`; then
# Is a block
ret=1
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
if [ "crypt" = "$is_crypt" ]; then
ret=2
else
break
fi
fi
done
no "An active swap partition is detected, this poses security risks." no "An active swap partition is detected, this poses security risks."
if [[ $ret -eq 2 ]]; then
yes "All your swaps are belong to crypt. Good."
else
no "You can deactivate all swap partitions using the command:" no "You can deactivate all swap partitions using the command:"
no " swapoff -a" no " swapoff -a"
no "But if you want to proceed like this, use the -f (force) flag." no "But if you want to proceed like this, use the -f (force) flag."
die "Operation aborted." die "Operation aborted."
fi
return $ret
} }
# Ask user for a password # Ask user for a password