summaryrefslogtreecommitdiffstats
path: root/src/machine
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-12-05 16:26:48 +0100
committerLennart Poettering <lennart@poettering.net>2016-12-07 18:38:41 +0100
commit18b5886e562a3702ed8923e568a7555d2ab1880a (patch)
treef5dd924a0fd9f5e8436b3bf85c72167ac89eae32 /src/machine
parentminor code beautifications (diff)
downloadsystemd-18b5886e562a3702ed8923e568a7555d2ab1880a.tar.xz
systemd-18b5886e562a3702ed8923e568a7555d2ab1880a.zip
dissect: add support for encrypted images
This adds support to the image dissector to deal with encrypted images (only LUKS). Given that we now have a neatly isolated image dissector codebase, let's add a new feature to it: support for automatically dealing with encrypted images. This is then exposed in systemd-dissect and nspawn. It's pretty basic: only support for passphrase-based encryption. In order to ensure that "systemd-dissect --mount" results in mount points whose backing LUKS DM devices are cleaned up automatically we use the DM_DEV_REMOVE ioctl() directly on the device (in DM_DEFERRED_REMOVE mode). libgcryptsetup at the moment doesn't provide a proper API for this. Thankfully, the ioctl() API is pretty easy to use.
Diffstat (limited to 'src/machine')
-rw-r--r--src/machine/image-dbus.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/machine/image-dbus.c b/src/machine/image-dbus.c
index 400d8ec7b0..65953b368f 100644
--- a/src/machine/image-dbus.c
+++ b/src/machine/image-dbus.c
@@ -358,7 +358,7 @@ static int raw_image_get_os_release(Image *image, char ***ret, sd_bus_error *err
if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
_exit(EXIT_FAILURE);
- r = dissected_image_mount(m, t, DISSECTED_IMAGE_READ_ONLY);
+ r = dissected_image_mount(m, t, DISSECT_IMAGE_READ_ONLY);
if (r < 0)
_exit(EXIT_FAILURE);