Date: Tue, 29 Nov 2011 19:17:44 +0100
From: Arno Wagner
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Verify LUKS password
Message-ID: <20111129181744.GA20964@tansi.org>
In-Reply-To: <1322588418.1932.12.camel@scapa>
References: <20111129173124.GA20264@tansi.org> <1322588418.1932.12.camel@scapa>

On Tue, Nov 29, 2011 at 06:40:18PM +0100, Yves-Alexis Perez wrote:
> On mar., 2011-11-29 at 18:31 +0100, Arno Wagner wrote:
> > If you actually want to remove the LUKS mapping (i.e. "close" the
> > LUKS container) when the screen saver engages and remap the LUKS
> > container when the screensaver is unlocked, then this is complicated.
> > It may also not be what you want, given that unmapping the LUKS
> > container with open files is either not possible or can result in
> > arbitrary data corruption (I have not tried it). So you would
> > need to do something like this on screenlocker-engage:
> >
> > 1. Determine all open files in the LUKS container
> > 2. Terminate all applications that have these files open
> > 3. Unmount the LUKS container and verify it did unmount.
> >    If unmount fails, go to 1. (An application could have opened
> >    a file in between...) Maybe you can also do a ro remount first.
> > 4. Unmap the LUKS container.
> >
> > Now, this would need to be somehow script-driven from the
> > screensaver. Whether automated application close is a good idea
> > depends very much on the situation and is generally _not_ a good
> > idea.
> >
>
> What about luksSuspend operation?

Well, maybe. If _all_ used applications can deal with
I/O calls taking forever.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
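
The screenlocker-engage procedure from the quoted message (steps 1 to 4, including the "go to 1" retry and the optional ro remount), as an added shell example that is not part of the original thread. The function name, MAX_TRIES, the return codes and the mount point and mapping names are assumptions of this example; it uses fuser from psmisc to find and terminate the processes holding the mount.

```shell
#!/bin/sh
# Added example: steps 1-4 from the quoted message, with a bounded retry.
# Needs root. fuser is from psmisc, mountpoint from util-linux.
# MAX_TRIES and the function name are assumptions of this example.
MAX_TRIES=${MAX_TRIES:-5}

lock_luks_volume() {
    mnt=$1      # mount point of the filesystem inside the container
    mapping=$2  # device-mapper name, as in /dev/mapper/<mapping>
    cd / || return 1   # make sure this shell does not hold the mount itself

    # Optional ro remount first: stops new writers while we clean up.
    # It fails while files are still open for writing, which is fine here.
    mount -o remount,ro "$mnt" 2>/dev/null || true

    try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        # Steps 1+2: find every process using the mount and terminate it.
        # fuser exits non-zero when nothing uses the mount; not an error.
        fuser -k -TERM -m "$mnt" >/dev/null 2>&1 || true
        sleep 1   # give applications a moment to exit

        # Step 3: unmount, then verify instead of trusting umount's status.
        umount "$mnt" 2>/dev/null || true
        if ! mountpoint -q "$mnt"; then
            # Step 4: unmap; this also wipes the key from kernel memory.
            cryptsetup luksClose "$mapping" && return 0
            return 3   # unmounted, but the mapping could not be removed
        fi
        # Still mounted: something opened a file in between. Back to step 1.
        try=$((try + 1))
    done
    return 2   # gave up; volume is still mounted and still unlocked
}

# Run directly as: lock_luks.sh /mnt/secret secret   (constructed names)
if [ "$#" -eq 2 ]; then
    lock_luks_volume "$1" "$2"
fi
```

A screen locker hook should treat return codes 2 and 3 as "container still open" and not report the volume as locked.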