Re: [linux-lvm] Virtualization and LVM data security

[IB Development Team <dev@ib.pl>]

W dniu 2014-10-25 o 14:50, Zdenek Kabelac pisze:

>> Is there any way to make LVM2 tools wipe added/freed LV space or plans to add
>> such functionality?

> lvm.conf    devices { issue_discard = 1 }
>
> See it that fits your need ?
> Note: when using this option - vg/lvremove becomes 'irreversible'operation.

issue_discard seems to require "underlying storage support" which is probably not available in 
common RAID/SATA/SAS/DRBD scenarios. Universal, open (source) solution would be better here probably 
(with hardware alternatives where possible).

>> When LVM based storage is used for guest virtual disks, it is possible that
>> after resizing/snapshoting LV, disk data fragments from one guest will be
>> visible to other guest, which may cause serious security problems if not wiped
>> somehow[...]

> thin provisioning with zeroing enabled for thin-pool -Zy is likely better option.

Sounds interesting. Is it stable solution for production systems? Does it perform not worse than 
"regular" preallocated LV?

> Note: you could obviously implement 'workaround' something like:
>
> lvcreate -l100%FREE -n trim_me vg
> blkdiscard /dev/vg/trim_me
> (or if disk doesn't support TRIM -   dd if=/dev/zero of=/dev/vg/trim_me....)
> lvremove vg/trim_me

If I understand correctly, in this scenario, guest data may still be present outside "cleaned" LV 
(i.e. data that was saved outside LV in snapshot LV during backups). If so - cleaning should be 
probably done transparently by LVM "software" layer, even without "underlying storage support".

Regards,
Pawel

IB Development Team
https://dev.ib.pl/