diff options
| -rw-r--r-- | crypttab.5 | 10 | ||||
| -rwxr-xr-x | rc.d/rc.sysinit | 20 |
2 files changed, 27 insertions, 3 deletions
@@ -102,6 +102,16 @@ with some of them encrypting the swap partitions and some of them not.) option will destroy the contents of the named partition during every boot, so make sure the underlying block device is specified correctly. +.TP +\fBtmp\fR +The encrypted block device will be prepared for using it as tmp partition: +it will be formatted using +.B mke2fs +and its root directory will be set to mode 01777. +The warning about the +.B swap +option applies here as well. + .PP No options can be specified for LUKS encrypted partitions. diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index cb07660c..c04a434d 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -105,7 +105,7 @@ key_is_random() { # encrypted but /var/lib/random-seed is needed to initialize swap. init_crypto() { local have_random dst src key opt mode owner params makeswap skip arg opt - local param value rc ret + local param value rc ret mke2fs mdir ret=0 have_random=$1 @@ -135,6 +135,7 @@ init_crypto() { fi params="" makeswap="" + mke2fs="" skip="" # Parse the options field, convert to cryptsetup parameters # and contruct the command line @@ -172,6 +173,9 @@ init_crypto() { ;; swap) makeswap=yes + ;; + tmp) + mke2fs=yes esac done if [ "$skip" = "yes" ]; then @@ -205,8 +209,18 @@ init_crypto() { ret=1 continue fi - if [ "$makeswap" = "yes" -a -b "/dev/mapper/$dst" ]; then - mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null + if [ -b "/dev/mapper/$dst" ]; then + if [ "$makeswap" = "yes" ]; then + mkswap "/dev/mapper/$dst" 2>/dev/null >/dev/null + fi + if [ "$mke2fs" = "yes" ]; then + if mke2fs "/dev/mapper/$dst" 2>/dev/null >/dev/null \ + && mdir=$(mktemp -d /tmp/mountXXXXXX); then + mount "/dev/mapper/$dst" "$mdir" && chmod 1777 "$mdir" + umount "$mdir" + rmdir "$mdir" + fi + fi fi done < /etc/crypttab return $ret |