From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FgYZlFToDtvT for ; Tue, 29 Nov 2011 18:40:36 +0100 (CET) Received: from smtp3-g21.free.fr (smtp3-g21.free.fr [IPv6:2a01:e0c:1:1599::12]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 29 Nov 2011 18:40:35 +0100 (CET) Received: from molly.corsac.net (unknown [78.192.68.46]) by smtp3-g21.free.fr (Postfix) with ESMTP id 46914A66F2 for ; Tue, 29 Nov 2011 18:40:31 +0100 (CET) Message-ID: <1322588418.1932.12.camel@scapa> From: Yves-Alexis Perez Date: Tue, 29 Nov 2011 18:40:18 +0100 In-Reply-To: <20111129173124.GA20264@tansi.org> References: <20111129173124.GA20264@tansi.org> Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-vOv8x35Besi5RQKUjKP2" Mime-Version: 1.0 Subject: Re: [dm-crypt] Verify LUKS password List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Arno Wagner Cc: dm-crypt@saout.de --=-vOv8x35Besi5RQKUjKP2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On mar., 2011-11-29 at 18:31 +0100, Arno Wagner wrote: > If you actually want to remove the LUKS mapping (i.e. "close" the > LUKS container) when the screen safer engages and remap the LUKS > container when the screensaver is unlocked, then this is complicated. > It mau also not be what you want, given that unmapping the LUKS > container with open files is eiter not possible or can result in > arbitrary data corruption (I have not tried it). So you would > need to do something like this on screenlocker-engage: >=20 > 1. Determine all open files in the LUKS container > 2. Terminate all applications that have these files open > 3. Unmount the LUKS container and verify it did unmount. > If unmount fails, go to 1. (An application could have opened > a file in between...) Maybe you can also do a ro remount first. > 4. Unmap the LUKS container. >=20 > Now, this would need to be somehow script-driven from the=20 > screensaver. Whether automated application clsoe is a good idea=20 > depends very much on the situation and is generally _not_ a good=20 > idea. >=20 What about luksSuspend operation? Regards, --=20 Yves-Alexis --=-vOv8x35Besi5RQKUjKP2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCAAGBQJO1RkCAAoJEDBVD3hx7wuo+RcP/3Xr1gcfNG7rxPkYzOTsG0Xx vvMbxyDp3DM1snk9dSz9f+xn5p0Mqp0SvsMFIKlRHK5Wev1isNXQCJgwTlVLgPRB ZJsdt4Ub6Xn26chsJ4qpYVZzjXblW2w/7al7+I8zdlNE5DFwTbCNj1aBENMCIM6P BHprsHQKXhSb9w4McXWOiLR5TsFbrAticd4Z+zbYF6rmSDeO7xQFY1g1vUPRpwSm JP6Lllgc0lllqso8U8TP5tXSX09zt/8VZwkCyyZqCYrM1RvMZ20LQqt4LgQD4tm9 J5uiUsCaBdPYMnXu70e56q0LtCv9tvo4o5fxzSD2T/9kNrO/jyb9FVB/FX6ijuuN N78PNQsK6/0AO4mbFChZRlmWJEW5zui9i+PoPox8n2qOy+TMq32Zed9uQ8g6JDz7 vpH+dAaQ2EUECo9z/uQYweQbf8TKF7R1pHYC9e/nh2oSSJQ1AuooeITbZ6bjxoj4 8GA5gSTr96VoxpoeK6GqprLBJQqQzYXp/KtcxFgGDiqKrEoY345PPxbgOceaD9WV R1LREoJDcTGejRxwbbimecXCV2Q+pUya0ikkNz7tiO2ytK/2AoZQIUsgf9OPwZLg HzUjAQU4qX91TNYF0+lKk9efR0L+u/53Yw3IRI8vr5GVx+nq5Qd5cFGBHahUggjj mEicu2RcbdhxhOoOZtU9 =idW5 -----END PGP SIGNATURE----- --=-vOv8x35Besi5RQKUjKP2--