From: Zdenek Kabelac <zdenek.kabelac@gmail.com>
To: LVM general discussion and development <linux-lvm@redhat.com>
Subject: Re: [linux-lvm] Virtualization and LVM data security
Date: Sat, 25 Oct 2014 14:50:15 +0200 [thread overview]
Message-ID: <544B9C87.9050501@gmail.com> (raw)
In-Reply-To: <544A8CA4.2030506@ib.pl>
On 24.10.2014 at 19:30, IB Development Team wrote:
> Hello,
>
> Is there any way to make LVM2 tools wipe added/freed LV space or plans to add
> such functionality?
>
lvm.conf devices { issue_discard = 1 }
See if that fits your need?
Note: when using this option, vg/lvremove becomes an 'irreversible' operation.
> When LVM based storage is used for guest virtual disks, it is possible that
> after resizing/snapshoting LV, disk data fragments from one guest will be
> visible to other guest, which may cause serious security problems if not wiped
> somehow; some pages with more info in this topic:
>
> http://blog.brightbox.co.uk/posts/secure-virtual-disk-deletion-is-your-data-safe
> http://brightbox.com/blog/2012/04/27/dirty-disks/
> http://docs.openstack.org/security-guide/content/ch046_data-residency.html
>
> Don't know LVM2 internals well but if there is no such functionality in LVM2
> now, maybe adding options like --wipe and --wipe-bandwidth (to allow one to
> control I/O load while wiping) for create/resize/remove/snapshot commands (and
> other maybe if such risk exist there) will be possible in future LVM versions
> to better meet security requirements in virtualized environments?
Thin provisioning with zeroing enabled for the thin-pool (-Zy) is likely a better option.
There is no extra utility like 'fstrim' for empty space in a volume group.
Note: you could obviously implement a 'workaround' something like:
lvcreate -l100%FREE -n trim_me vg
blkdiscard /dev/vg/trim_me
(or if the disk doesn't support TRIM - dd if=/dev/zero of=/dev/vg/trim_me ...)
lvremove vg/trim_me
Zdenek
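The workaround from the reply above turned into a script, as an added example that is not part of the post or of lvm2 itself. It assumes lvm2, util-linux (blkdiscard, ionice, lsblk) and coreutils on the host, root privileges, and the VG name as the only argument (a placeholder); it swaps `shred -n 0 -z` for the `dd` in the post so the zero pass stops exactly at the end of the LV, and picks discard only when the underlying disk advertises it.

```shell
#!/bin/sh
# Added example, not from the list post: wipe a VG's free space with the LV workaround.
# Assumes lvm2 and util-linux (blkdiscard, ionice, lsblk), coreutils shred, root,
# and the VG name as $1 (a placeholder; no real VG name is given on the page).
set -eu

# Map the kernel's discard_max_bytes of the underlying disk to a wipe method.
# 0, empty or non-numeric means no usable TRIM/discard, so fall back to zeroing.
choose_wipe_method() {
  case "${1:-0}" in
    0)        echo zero ;;
    *[!0-9]*) echo zero ;;
    *)        echo discard ;;
  esac
}

# Build the wipe command for a method and device without running it, so it can
# be shown in a dry run. Zeroing runs in the idle I/O class (ionice -c 3) so it
# yields to guest I/O; this is a priority, not a hard bandwidth cap. shred -n 0 -z
# writes exactly one pass of zeros and stops at the end of the device.
wipe_command() {
  case "$1" in
    discard) echo "blkdiscard $2" ;;
    zero)    echo "ionice -c 3 shred -n 0 -z $2" ;;
    *)       echo "unknown wipe method: $1" >&2; return 1 ;;
  esac
}

# discard_max_bytes of the disk behind the VG's first PV; 0 if it cannot be read.
pv_discard_max_bytes() {
  pv=$(pvs --noheadings -o pv_name --select "vg_name=$1" | head -n 1 | tr -d ' ')
  disk=$(lsblk -no PKNAME "$pv" 2>/dev/null || true)
  disk=${disk:-$(basename "$pv")}
  cat "/sys/block/$disk/queue/discard_max_bytes" 2>/dev/null || echo 0
}

# The workaround from the post: claim all free extents in a temporary LV, wipe
# it, then remove it. The trap removes the LV even if the wipe is interrupted.
wipe_vg_free_space() {
  vg=$1; lv=trim_me
  method=$(choose_wipe_method "$(pv_discard_max_bytes "$vg")")
  lvcreate -l 100%FREE -n "$lv" "$vg"
  trap 'lvremove -y "$vg/$lv"' EXIT
  echo "wiping /dev/$vg/$lv using: $method"
  sh -c "$(wipe_command "$method" "/dev/$vg/$lv")"
}

if [ $# -eq 1 ]; then wipe_vg_free_space "$1"; fi
```

Note that, as the reply says, data freed by lvremove/lvreduce is not touched by this; it only clears what is currently unallocated in the VG at the time it runs.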
Thread overview:
2014-10-24 17:30 [linux-lvm] Virtualization and LVM data security IB Development Team
2014-10-25 12:50 ` Zdenek Kabelac [this message]
2014-10-25 17:38 ` IB Development Team
2014-10-25 20:43 ` Zdenek Kabelac