Date: Sun, 23 Jun 2013 11:58:48 -0500
From: Scot Hetzel <swhetzel@gmail.com>
To: Hiroki Sato <hrs@freebsd.org>
Cc: freebsd-current@freebsd.org, freebsd-rc@freebsd.org
Subject: Re: RFC: swapon(8) vnode-backed md and gbde/geli encryption support
Message-ID: <CACdU%2Bf-OuPNckG%2BMJgfDopbT43xMrLy19LmEzLqgZ_XU9yYX7Q@mail.gmail.com>
In-Reply-To: <20130623.035356.644417021040610458.hrs@allbsd.org>
References: <20130623.035356.644417021040610458.hrs@allbsd.org>

On Sat, Jun 22, 2013 at 1:53 PM, Hiroki Sato <hrs@freebsd.org> wrote:
> Hi,
>
> I created a patchset to add support of automatic generation of
> vnode-backed md(4) devices and gbde/geli geom providers to swapon(8)
> via /etc/fstab. We already have equivalent functionality by using
> rc.d scripts. This simplifies rc.d scripts and fixes a race between
> mdconfig/gbde/geli and swapon/swapoff by using /etc/fstab.
>
> More specifically, the following specification will be supported:
>
> /dev/ada1p1.bde none swap sw 0 0
> /dev/ada1p2.eli none swap sw 0 0
> md none swap sw,file=/swap.bin 0 0
> md10 none swap sw,file=/swap10.bin 0 0
> md12 none swap sw,file=/usr/swap12.bin,late 0 0
>
> Currently, rc.d/swap1, rc.d/encswap handles entries with FSTAB_SW and
> then rc.d/addswap for additional swap space specified in rc.conf.
> The rc.d/addswap script runs before NETWORKING, so it is difficult to
> add a swap space by using a file via NFS on a diskless client. The
> "late" keyword in /etc/fstab will give more flexibility in such a
> case.
>
> So, the changes to rc.d scripts are the following:
>
> rc.d/encswap -> (removed)
> rc.d/swap1 -> rc.d/swap
> rc.d/swaplate -> (added)
>
> rc.d/addswap is not removed in the patchset, but is it still
> necessary? I do not think using combination of rc.d scripts to
> support md(4) device generation for swap spaces is robust, and I
> believe /etc/fstab is sufficient for the same functionality.
>
> Any comments are welcome. Thank you.
>

The only thing I see is that you are hard coding the geli_swap_flags
(i.e. -e aes -l 256 -s 4096 -d) into swapon. It would be better to
have swapon read the /etc/fstab file to get these values:

/dev/ada1p2.eli none swap sw,ealgo=aes,keylen=256,sectorsize=4096 0 0
/dev/ada2p2.eli none swap sw 0 0

What you could do is that if no options are specified in the swap
file, swapon would then use default values for ealgo=aes, keylen=256
and sectorsize=4096.

geli onetime [-d] [-a aalgo] [-e ealgo] [-l keylen] [-s sectorsize] prov

The options for the geli encrypted swap file in /etc/fstab would then become:

aalgo
ealgo
keylen
sectorsize

Note: the '-d' option would still be hard coded.

--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.
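
An added sketch of the option handling proposed in the message above, not code from the patchset or from swapon(8): a POSIX sh function, under the hypothetical name geli_onetime_args, that maps an fstab options field to "geli onetime" flags, falls back to the defaults named in the message, and rejects values that should not reach a command line. The character set accepted for algorithm names is an assumption, and the sample option strings are constructed.

```shell
#!/bin/sh
# Added illustration, not swapon(8) code. Defaults are the ones named in the
# message (ealgo=aes, keylen=256, sectorsize=4096); -d stays hard coded.

# is_uint VALUE: succeed only for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# geli_onetime_args OPTIONS: map an fstab options field such as
# "sw,ealgo=aes,keylen=256" to the flags for "geli onetime".
# Prints the flags on success, returns 1 if a value fails validation.
geli_onetime_args() {
    aalgo="" ealgo="aes" keylen="256" sectorsize="4096"
    old_ifs=$IFS; IFS=,
    set -f               # no pathname expansion while splitting on commas
    set -- $1
    set +f; IFS=$old_ifs
    for opt in "$@"; do
        case "$opt" in
            aalgo=*)      aalgo=${opt#aalgo=} ;;
            ealgo=*)      ealgo=${opt#ealgo=} ;;
            keylen=*)     keylen=${opt#keylen=} ;;
            sectorsize=*) sectorsize=${opt#sectorsize=} ;;
            *) ;;        # sw, late, file=... are handled elsewhere
        esac
    done
    # fstab values end up on a command line: accept only algorithm names
    # built from [A-Za-z0-9/-] with no leading dash, and plain integers.
    for name in "$aalgo" "$ealgo"; do
        case "$name" in
            -*|*[!A-Za-z0-9/-]*) return 1 ;;
        esac
    done
    [ -n "$ealgo" ] || return 1
    is_uint "$keylen" || return 1
    is_uint "$sectorsize" || return 1
    args="-d"
    [ -z "$aalgo" ] || args="$args -a $aalgo"
    echo "$args -e $ealgo -l $keylen -s $sectorsize"
}

# Constructed sample option fields, modelled on the two lines in the message.
geli_onetime_args "sw,ealgo=aes,keylen=256,sectorsize=4096"
geli_onetime_args "sw"
```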