--- old/usr/src/man/man1m/lofiadm.1m
+++ new/usr/src/man/man1m/lofiadm.1m
1 1 '\" te
2 2 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
3 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
4 4 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
5 5 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 -.TH LOFIADM 1M "Aug 31, 2009"
6 +.TH LOFIADM 1M "Aug 28, 2013"
7 7 .SH NAME
8 8 lofiadm \- administer files available as block devices through lofi
9 9 .SH SYNOPSIS
10 10 .LP
11 11 .nf
12 -\fB/usr/sbin/lofiadm\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
12 +\fBlofiadm\fR [\fB-r\fR] \fB-a\fR \fIfile\fR [\fIdevice\fR]
13 13 .fi
14 14
15 15 .LP
16 16 .nf
17 -\fB/usr/sbin/lofiadm\fR \fB-c\fR \fIcrypto_algorithm\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
17 +\fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
18 18 .fi
19 19
20 20 .LP
21 21 .nf
22 -\fB/usr/sbin/lofiadm\fR \fB-c\fR \fIcrypto_algorithm\fR \fB-k\fR \fIraw_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
22 +\fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-k\fR \fIraw_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
23 23 .fi
24 24
25 25 .LP
26 26 .nf
27 -\fB/usr/sbin/lofiadm\fR \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
27 +\fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
28 28 .fi
29 29
30 30 .LP
31 31 .nf
32 -\fB/usr/sbin/lofiadm\fR \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR
32 +\fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR
33 33 \fB-k\fR \fIwrapped_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
34 34 .fi
35 35
36 36 .LP
37 37 .nf
38 -\fB/usr/sbin/lofiadm\fR \fB-c\fR \fIcrypto_algorithm\fR \fB-e\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
38 +\fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-e\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
39 39 .fi
40 40
41 41 .LP
42 42 .nf
43 -\fB/usr/sbin/lofiadm\fR \fB-C\fR \fIalgorithm\fR [\fB-s\fR \fIsegment_size\fR] \fIfile\fR
43 +\fBlofiadm\fR \fB-C\fR \fIalgorithm\fR [\fB-s\fR \fIsegment_size\fR] \fIfile\fR
44 44 .fi
45 45
46 46 .LP
47 47 .nf
48 -\fB/usr/sbin/lofiadm\fR \fB-d\fR \fIfile\fR | \fIdevice\fR
48 +\fBlofiadm\fR \fB-d\fR \fIfile\fR | \fIdevice\fR
49 49 .fi
50 50
51 51 .LP
52 52 .nf
53 -\fB/usr/sbin/lofiadm\fR \fB-U\fR \fIfile\fR
53 +\fBlofiadm\fR \fB-U\fR \fIfile\fR
54 54 .fi
55 55
56 56 .LP
57 57 .nf
58 -\fB/usr/sbin/lofiadm\fR [ \fIfile\fR | \fIdevice\fR]
58 +\fBlofiadm\fR [ \fIfile\fR | \fIdevice\fR]
59 59 .fi
60 60
61 61 .SH DESCRIPTION
62 62 .sp
63 63 .LP
64 64 \fBlofiadm\fR administers \fBlofi\fR, the loopback file driver. \fBlofi\fR
65 65 allows a file to be associated with a block device. That file can then be
66 66 accessed through the block device. This is useful when the file contains an
67 67 image of some filesystem (such as a floppy or \fBCD-ROM\fR image), because the
68 68 block device can then be used with the normal system utilities for mounting,
69 69 checking or repairing filesystems. See \fBfsck\fR(1M) and \fBmount\fR(1M).
70 70 .sp
71 71 .LP
72 72 Use \fBlofiadm\fR to add a file as a loopback device, remove such an
73 73 association, or print information about the current associations.
74 74 .sp
75 75 .LP
76 76 Encryption and compression options are mutually exclusive on the command line.
77 77 Further, an encrypted file cannot be compressed later, nor can a compressed
78 78 file be encrypted later.
79 79 .sp
80 80 .LP
81 81 The \fBlofi\fR driver is not available and will not work inside a zone.
82 82 .SH OPTIONS
83 83 .sp
84 84 .LP
85 85 The following options are supported:
86 86 .sp
87 87 .ne 2
88 88 .na
89 89 \fB\fB-a\fR \fIfile\fR [\fIdevice\fR]\fR
90 90 .ad
91 91 .sp .6
92 92 .RS 4n
93 93 Add \fIfile\fR as a block device.
94 94 .sp
95 95 If \fIdevice\fR is not specified, an available device is picked.
96 96 .sp
97 97 If \fIdevice\fR is specified, \fBlofiadm\fR attempts to assign it to
98 98 \fIfile\fR. \fIdevice\fR must be available or \fBlofiadm\fR will fail. The
99 99 ability to specify a device is provided for use in scripts that wish to
100 100 reestablish a particular set of associations.
101 101 .RE
102 102
103 103 .sp
104 104 .ne 2
105 105 .na
106 106 \fB\fB-C\fR {\fIgzip\fR | \fIgzip-N\fR | \fIlzma\fR}\fR
107 107 .ad
108 108 .sp .6
109 109 .RS 4n
110 110 Compress the file with the specified compression algorithm.
111 111 .sp
112 112 The \fBgzip\fR compression algorithm uses the same compression as the
113 113 open-source \fBgzip\fR command. You can specify the \fBgzip\fR level by using
114 114 the value \fBgzip-\fR\fIN\fR where \fIN\fR is 6 (fast) or 9 (best compression
115 115 ratio). Currently, \fBgzip\fR, without a number, is equivalent to \fBgzip-6\fR
116 116 (which is also the default for the \fBgzip\fR command).
117 117 .sp
118 118 \fIlzma\fR stands for the LZMA (Lempel-Ziv-Markov) compression algorithm.
119 119 .sp
120 120 Note that you cannot write to a compressed file, nor can you mount a compressed
121 121 file read/write.
122 122 .RE
123 123
124 124 .sp
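Review bot: The -a entry under OPTIONS is left unchanged ("Add \fIfile\fR as a block device.") although the SYNOPSIS now shows [\fB-r\fR] on every form that uses -a, so a reader who looks up -a finds no mention of read-only attachment. Add a sentence to the -a entry pointing to -r. The SYNOPSIS also puts [\fB-r\fR] ahead of -c in the encrypted forms; if that position matters for those forms too, the page should say so where the encryption options are introduced.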
125 125 .ne 2
126 126 .na
127 127 \fB\fB-d\fR \fIfile\fR | \fIdevice\fR\fR
128 128 .ad
129 129 .sp .6
130 130 .RS 4n
131 131 Remove an association by \fIfile\fR or \fIdevice\fR name, if the associated
132 132 block device is not busy, and deallocates the block device.
133 133 .RE
134 134
135 +.sp
136 +.ne 2
137 +.na
138 +\fB\fB-r\fR
139 +.ad
140 +.sp .6
141 +.RS 4n
142 +If the \fB-r\fR option is specified before the \fB-a\fR option, the
143 +\fIdevice\fR will be opened read-only.
144 +.RE
145 +
135 146 .sp
136 147 .ne 2
137 148 .na
138 149 \fB\fB-s\fR \fIsegment_size\fR\fR
139 150 .ad
140 151 .sp .6
141 152 .RS 4n
142 153 The segment size to use to divide the file being compressed. \fIsegment_size\fR
143 154 can be an integer multiple of 512.
144 155 .RE
145 156
146 157 .sp
147 158 .ne 2
148 159 .na
149 160 \fB\fB-U\fR \fIfile\fR\fR
150 161 .ad
151 162 .sp .6
152 163 .RS 4n
153 164 Uncompress a compressed file.
154 165 .RE
155 166
156 167 .sp
157 168 .LP
158 169 The following options are used when the file is encrypted:
159 170 .sp
160 171 .ne 2
161 172 .na
162 173 \fB\fB-c\fR \fIcrypto_algorithm\fR\fR
163 174 .ad
164 175 .sp .6
165 176 .RS 4n
166 177 Select the encryption algorithm. The algorithm must be specified when
167 178 encryption is enabled because the algorithm is not stored in the disk image.
168 179 .sp
169 180 If none of \fB-e\fR, \fB-k\fR, or \fB-T\fR is specified, \fBlofiadm\fR prompts
170 181 for a passphrase, with a minimum length of eight characters, to be entered .
171 182 The passphrase is used to derive a symmetric encryption key using PKCS#5 PBKD2.
172 183 .RE
173 184
174 185 .sp
175 186 .ne 2
176 187 .na
177 188 \fB\fB-k\fR \fIraw_key_file\fR | \fIwrapped_key_file\fR\fR
178 189 .ad
179 190 .sp .6
180 191 .RS 4n
181 192 Path to raw or wrapped symmetric encryption key. If a PKCS#11 object is also
182 193 given with the \fB-T\fR option, then the key is wrapped by that object. If
183 194 \fB-T\fR is not specified, the key is used raw.
184 195 .RE
185 196
186 197 .sp
187 198 .ne 2
188 199 .na
189 200 \fB\fB-T\fR \fItoken_key\fR\fR
190 201 .ad
191 202 .sp .6
192 203 .RS 4n
193 204 The key in a PKCS#11 token to use for the encryption or for unwrapping the key
194 205 file.
195 206 .sp
196 207 If \fB-k\fR is also specified, \fB-T\fR identifies the unwrapping key, which
197 208 must be an RSA private key.
198 209 .RE
199 210
200 211 .sp
201 212 .ne 2
202 213 .na
203 214 \fB\fB-e\fR\fR
204 215 .ad
205 216 .sp .6
206 217 .RS 4n
207 218 Generate an ephemeral symmetric encryption key.
208 219 .RE
209 220
210 221 .SH OPERANDS
211 222 .sp
212 223 .LP
213 224 The following operands are supported:
214 225 .sp
215 226 .ne 2
216 227 .na
217 228 \fB\fIcrypto_algorithm\fR\fR
218 229 .ad
219 230 .sp .6
220 231 .RS 4n
221 232 One of: \fBaes-128-cbc\fR, \fBaes-192-cbc\fR, \fBaes-256-cbc\fR,
222 233 \fBdes3-cbc\fR, \fBblowfish-cbc\fR.
223 234 .RE
224 235
225 236 .sp
226 237 .ne 2
227 238 .na
228 239 \fB\fIdevice\fR\fR
229 240 .ad
230 241 .sp .6
231 242 .RS 4n
232 243 Display the file name associated with the block device \fIdevice\fR.
233 244 .sp
234 245 Without arguments, print a list of the current associations. Filenames must be
235 246 valid absolute pathnames.
236 247 .sp
237 248 When a file is added, it is opened for reading or writing by root. Any
238 249 restrictions apply (such as restricted root access over \fBNFS\fR). The file is
239 250 held open until the association is removed. It is not actually accessed until
240 251 the block device is used, so it will never be written to if the block device is
241 252 only opened read-only.
242 253 .RE
243 254
244 255 .sp
245 256 .ne 2
246 257 .na
247 258 \fB\fIfile\fR\fR
248 259 .ad
249 260 .sp .6
250 261 .RS 4n
251 262 Display the block device associated with \fIfile\fR.
252 263 .RE
253 264
254 265 .sp
255 266 .ne 2
256 267 .na
257 268 \fB\fIraw_key_file\fR\fR
258 269 .ad
259 270 .sp .6
260 271 .RS 4n
261 272 Path to a file of the appropriate length, in bits, to use as a raw symmetric
262 273 encryption key.
263 274 .RE
264 275
265 276 .sp
266 277 .ne 2
267 278 .na
268 279 \fB\fItoken_key\fR\fR
269 280 .ad
270 281 .sp .6
271 282 .RS 4n
272 283 PKCS#11 token object in the format:
273 284 .sp
274 285 .in +2
275 286 .nf
276 287 \fItoken_name\fR:\fImanufacturer_id\fR:\fIserial_number\fR:\fIkey_label\fR
277 288 .fi
278 289 .in -2
279 290 .sp
280 291
281 292 All but the key label are optional and can be empty. For example, to specify a
282 293 token object with only its key label \fBMylofiKey\fR, use:
283 294 .sp
284 295 .in +2
285 296 .nf
286 297 -T :::MylofiKey
287 298 .fi
288 299 .in -2
289 300 .sp
290 301
291 302 .RE
292 303
293 304 .sp
294 305 .ne 2
295 306 .na
296 307 \fB\fIwrapped_key_file\fR\fR
297 308 .ad
298 309 .sp .6
299 310 .RS 4n
300 311 Path to file containing a symmetric encryption key wrapped by the RSA private
301 312 key specified by \fB-T\fR.
302 313 .RE
303 314
304 315 .SH EXAMPLES
305 316 .LP
306 317 \fBExample 1 \fRMounting an Existing CD-ROM Image
307 318 .sp
308 319 .LP
309 320 You should ensure that Solaris understands the image before creating the
310 321 \fBCD\fR. \fBlofi\fR allows you to mount the image and see if it works.
311 322
312 323 .sp
313 324 .LP
314 325 This example mounts an existing \fBCD-ROM\fR image (\fBsparc.iso\fR), of the
315 326 \fBRed Hat 6.0 CD\fR which was downloaded from the Internet. It was created
316 327 with the \fBmkisofs\fR utility from the Internet.
317 328
318 329 .sp
319 330 .LP
320 331 Use \fBlofiadm\fR to attach a block device to it:
321 332
322 333 .sp
323 334 .in +2
324 335 .nf
325 336 # \fBlofiadm -a /home/mike_s/RH6.0/sparc.iso\fR
326 337 /dev/lofi/1
327 338 .fi
328 339 .in -2
329 340 .sp
330 341
331 342 .sp
332 343 .LP
333 344 \fBlofiadm\fR picks the device and prints the device name to the standard
334 345 output. You can run \fBlofiadm\fR again by issuing the following command:
335 346
336 347 .sp
337 348 .in +2
338 349 .nf
339 350 # \fBlofiadm\fR
340 351 Block Device File Options
341 352 /dev/lofi/1 /home/mike_s/RH6.0/sparc.iso -
342 353 .fi
343 354 .in -2
344 355 .sp
345 356
346 357 .sp
347 358 .LP
348 359 Or, you can give it one name and ask for the other, by issuing the following
349 360 command:
350 361
351 362 .sp
352 363 .in +2
353 364 .nf
354 365 # \fBlofiadm /dev/lofi/1\fR
355 366 /home/mike_s/RH6.0/sparc.iso
356 367 .fi
357 368 .in -2
358 369 .sp
359 370
360 371 .sp
361 372 .LP
362 373 Use the \fBmount\fR command to mount the image:
363 374
364 375 .sp
365 376 .in +2
366 377 .nf
367 378 # \fBmount -F hsfs -o ro /dev/lofi/1 /mnt\fR
368 379 .fi
369 380 .in -2
370 381 .sp
371 382
372 383 .sp
373 384 .LP
374 385 Check to ensure that Solaris understands the image:
375 386
376 387 .sp
377 388 .in +2
378 389 .nf
379 390 # \fBdf -k /mnt\fR
380 391 Filesystem kbytes used avail capacity Mounted on
381 392 /dev/lofi/1 512418 512418 0 100% /mnt
382 393 # \fBls /mnt\fR
383 394 \&./ RedHat/ doc/ ls-lR rr_moved/
384 395 \&../ TRANS.TBL dosutils/ ls-lR.gz sbin@
385 396 \&.buildlog bin@ etc@ misc/ tmp/
386 397 COPYING boot/ images/ mnt/ usr@
387 398 README boot.cat* kernels/ modules/
388 399 RPM-PGP-KEY dev@ lib@ proc/
389 400 .fi
390 401 .in -2
391 402 .sp
392 403
393 404 .sp
394 405 .LP
395 406 Solaris can mount the CD-ROM image, and understand the filenames. The image was
396 407 created properly, and you can now create the \fBCD-ROM\fR with confidence.
397 408
398 409 .sp
399 410 .LP
400 411 As a final step, unmount and detach the images:
401 412
402 413 .sp
403 414 .in +2
404 415 .nf
405 416 # \fBumount /mnt\fR
406 417 # \fBlofiadm -d /dev/lofi/1\fR
407 418 # \fBlofiadm\fR
408 419 Block Device File Options
409 420 .fi
410 421 .in -2
411 422 .sp
412 423
413 424 .LP
414 425 \fBExample 2 \fRMounting a Floppy Image
415 426 .sp
416 427 .LP
417 428 This is similar to the first example.
418 429
419 430 .sp
420 431 .LP
421 432 Using \fBlofi\fR to help you mount files that contain floppy images is helpful
422 433 if a floppy disk contains a file that you need, but the machine which you are
423 434 on does not have a floppy drive. It is also helpful if you do not want to take
424 435 the time to use the \fBdd\fR command to copy the image to a floppy.
425 436
426 437 .sp
427 438 .LP
428 439 This is an example of getting to \fBMDB\fR floppy for Solaris on an x86
429 440 platform:
430 441
431 442 .sp
432 443 .in +2
433 444 .nf
434 445 # \fBlofiadm -a /export/s28/MDB_s28x_wos/latest/boot.3\fR
435 446 /dev/lofi/1
436 447 # \fBmount -F pcfs /dev/lofi/1 /mnt\fR
437 448 # \fBls /mnt\fR
438 449 \&./ COMMENT.BAT* RC.D/ SOLARIS.MAP*
439 450 \&../ IDENT* REPLACE.BAT* X/
440 451 APPEND.BAT* MAKEDIR.BAT* SOLARIS/
441 452 # \fBumount /mnt\fR
442 453 # \fBlofiadm -d /export/s28/MDB_s28x_wos/latest/boot.3\fR
443 454 .fi
444 455 .in -2
445 456 .sp
446 457
447 458 .LP
448 459 \fBExample 3 \fRMaking a \fBUFS\fR Filesystem on a File
449 460 .sp
450 461 .LP
451 462 Making a \fBUFS\fR filesystem on a file can be useful, particularly if a test
452 463 suite requires a scratch filesystem. It can be painful (or annoying) to have to
453 464 repartition a disk just for the test suite, but you do not have to. You can
454 465 \fBnewfs\fR a file with \fBlofi\fR
455 466
456 467 .sp
457 468 .LP
458 469 Create the file:
459 470
460 471 .sp
461 472 .in +2
462 473 .nf
463 474 # \fBmkfile 35m /export/home/test\fR
464 475 .fi
465 476 .in -2
466 477 .sp
467 478
468 479 .sp
469 480 .LP
470 481 Attach it to a block device. You also get the character device that \fBnewfs\fR
471 482 requires, so \fBnewfs\fR that:
472 483
473 484 .sp
474 485 .in +2
475 486 .nf
476 487 # \fBlofiadm -a /export/home/test\fR
477 488 /dev/lofi/1
478 489 # \fBnewfs /dev/rlofi/1\fR
479 490 newfs: construct a new file system /dev/rlofi/1: (y/n)? \fBy\fR
480 491 /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
481 492 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
482 493 super-block backups (for fsck -F ufs -o b=#) at:
483 494 32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,
484 495 .fi
485 496 .in -2
486 497 .sp
487 498
488 499 .sp
489 500 .LP
490 501 Note that \fBufs\fR might not be able to use the entire file. Mount and use the
491 502 filesystem:
492 503
493 504 .sp
494 505 .in +2
495 506 .nf
496 507 # \fBmount /dev/lofi/1 /mnt\fR
497 508 # \fBdf -k /mnt\fR
498 509 Filesystem kbytes used avail capacity Mounted on
499 510 /dev/lofi/1 33455 9 30101 1% /mnt
500 511 # \fBls /mnt\fR
501 512 \&./ ../ lost+found/
502 513 # \fBumount /mnt\fR
503 514 # \fBlofiadm -d /dev/lofi/1\fR
504 515 .fi
505 516 .in -2
506 517 .sp
507 518
508 519 .LP
509 520 \fBExample 4 \fRCreating a PC (FAT) File System on a Unix File
510 521 .sp
511 522 .LP
512 523 The following series of commands creates a \fBFAT\fR file system on a Unix
513 524 file. The file is associated with a block device created by \fBlofiadm\fR.
514 525
515 526 .sp
516 527 .in +2
517 528 .nf
518 529 # \fBmkfile 10M /export/test/testfs\fR
519 530 # \fBlofiadm -a /export/test testfs\fR
520 531 /dev/lofi/1
521 532 \fBNote use of\fR rlofi\fB, not\fR lofi\fB, in following command.\fR
522 533 # \fBmkfs -F pcfs -o nofdisk,size=20480 /dev/rlofi/1\fR
523 534 \fBConstruct a new FAT file system on /dev/rlofi/1: (y/n)?\fR y
524 535 # \fBmount -F pcfs /dev/lofi/1 /mnt\fR
525 536 # \fBcd /mnt\fR
526 537 # \fBdf -k .\fR
527 538 Filesystem kbytes used avail capacity Mounted on
528 539 /dev/lofi/1 10142 0 10142 0% /mnt
529 540 .fi
530 541 .in -2
531 542 .sp
532 543
533 544 .LP
534 545 \fBExample 5 \fRCompressing an Existing CD-ROM Image
535 546 .sp
536 547 .LP
537 548 The following example illustrates compressing an existing CD-ROM image
538 549 (\fBsolaris.iso\fR), verifying that the image is compressed, and then
539 550 uncompressing it.
540 551
541 552 .sp
542 553 .in +2
543 554 .nf
544 555 # \fBlofiadm -C gzip /export/home/solaris.iso\fR
545 556 .fi
546 557 .in -2
547 558 .sp
548 559
549 560 .sp
550 561 .LP
551 562 Use \fBlofiadm\fR to attach a block device to it:
552 563
553 564 .sp
554 565 .in +2
555 566 .nf
556 567 # \fBlofiadm -a /export/home/solaris.iso\fR
557 568 /dev/lofi/1
558 569 .fi
559 570 .in -2
560 571 .sp
561 572
562 573 .sp
563 574 .LP
564 575 Check if the mapped image is compressed:
565 576
566 577 .sp
567 578 .in +2
568 579 .nf
569 580 # \fBlofiadm\fR
570 581 Block Device File Options
571 582 /dev/lofi/1 /export/home/solaris.iso Compressed(gzip)
572 583 /dev/lofi/2 /export/home/regular.iso -
573 584 .fi
574 585 .in -2
575 586 .sp
576 587
577 588 .sp
578 589 .LP
579 590 Unmap the compressed image and uncompress it:
580 591
581 592 .sp
582 593 .in +2
583 594 .nf
584 595 # \fBlofiadm -d /dev/lofi/1\fR
585 596 # \fBlofiadm -U /export/home/solaris.iso\fR
586 597 .fi
587 598 .in -2
588 599 .sp
589 600
590 601 .LP
591 602 \fBExample 6 \fRCreating an Encrypted UFS File System on a File
592 603 .sp
593 604 .LP
594 605 This example is similar to the example of making a UFS filesystem on a file,
595 606 above.
596 607
597 608 .sp
598 609 .LP
599 610 Create the file:
600 611
601 612 .sp
602 613 .in +2
603 614 .nf
604 615 # \fBmkfile 35m /export/home/test\fR
605 616 .fi
606 617 .in -2
607 618 .sp
608 619
609 620 .sp
610 621 .LP
611 622 Attach the file to a block device and specify that the file image is encrypted.
612 623 As a result of this command, you obtain the character device, which is
613 624 subsequently used by \fBnewfs\fR:
614 625
615 626 .sp
616 627 .in +2
617 628 .nf
618 629 # \fBlofiadm -c aes-256-cbc -a /export/home/secrets\fR
619 630 Enter passphrase: \fBMy-M0th3r;l0v3s_m3+4lw4ys!\fR (\fBnot echoed\fR)
620 631 Re-enter passphrase: \fBMy-M0th3r;l0v3s_m3+4lw4ys!\fR (\fBnot echoed\fR)
621 632 /dev/lofi/1
622 633
623 634 # \fBnewfs /dev/rlofi/1\fR
624 635 newfs: construct a new file system /dev/rlofi/1: (y/n)? \fBy\fR
625 636 /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
626 637 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
627 638 super-block backups (for fsck -F ufs -o b=#) at:
628 639 32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,
629 640 .fi
630 641 .in -2
631 642 .sp
632 643
633 644 .sp
634 645 .LP
635 646 The mapped file system shows that encryption is enabled:
636 647
637 648 .sp
638 649 .in +2
639 650 .nf
640 651 # \fBlofiadm\fR
641 652 Block Device File Options
642 653 /dev/lofi/1 /export/home/secrets Encrypted
643 654 .fi
644 655 .in -2
645 656 .sp
646 657
647 658 .sp
648 659 .LP
649 660 Mount and use the filesystem:
650 661
651 662 .sp
652 663 .in +2
653 664 .nf
654 665 # \fBmount /dev/lofi/1 /mnt\fR
655 666 # \fBcp moms_secret_*_recipe /mnt\fR
656 667 # \fBls /mnt\fR
657 668 \&./ moms_secret_cookie_recipe moms_secret_soup_recipe
658 669 \&../ moms_secret_fudge_recipe moms_secret_stuffing_recipe
659 670 lost+found/ moms_secret_meatloaf_recipe moms_secret_waffle_recipe
660 671 # \fBumount /mnt\fR
661 672 # \fBlofiadm -d /dev/lofi/1\fR
662 673 .fi
663 674 .in -2
664 675 .sp
665 676
666 677 .sp
667 678 .LP
668 679 Subsequent attempts to map the filesystem with the wrong key or the wrong
669 680 encryption algorithm will fail:
670 681
671 682 .sp
672 683 .in +2
673 684 .nf
674 685 # \fBlofiadm -c blowfish-cbc -a /export/home/secrets\fR
675 686 Enter passphrase: \fBmommy\fR (\fInot echoed\fR)
676 687 Re-enter passphrase: \fBmommy\fR (\fInot echoed\fR)
677 688 lofiadm: could not map file /root/lofi: Invalid argument
678 689 # \fBlofiadm\fR
679 690 Block Device File Options
680 691 #
681 692 .fi
682 693 .in -2
683 694 .sp
684 695
685 696 .sp
686 697 .LP
687 698 Attempts to map the filesystem without encryption will succeed, however
688 699 attempts to mount and use the filesystem will fail:
689 700
690 701 .sp
691 702 .in +2
692 703 .nf
693 704 # \fBlofiadm -a /export/home/secrets\fR
694 705 /dev/lofi/1
695 706 # \fBlofiadm\fR
696 707 Block Device File Options
697 708 /dev/lofi/1 /export/home/secrets -
698 709 # \fBmount /dev/lofi/1 /mnt\fR
699 710 mount: /dev/lofi/1 is not this fstype
700 711 #
701 712 .fi
702 713 .in -2
703 714 .sp
704 715
705 716 .SH ENVIRONMENT VARIABLES
706 717 .sp
707 718 .LP
708 719 See \fBenviron\fR(5) for descriptions of the following environment variables
709 720 that affect the execution of \fBlofiadm\fR: \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR
710 721 and \fBNLSPATH\fR.
711 722 .SH EXIT STATUS
712 723 .sp
713 724 .LP
714 725 The following exit values are returned:
715 726 .sp
716 727 .ne 2
717 728 .na
718 729 \fB\fB0\fR\fR
719 730 .ad
720 731 .sp .6
721 732 .RS 4n
722 733 Successful completion.
723 734 .RE
724 735
725 736 .sp
726 737 .ne 2
727 738 .na
728 739 \fB\fB>0\fR\fR
729 740 .ad
730 741 .sp .6
731 742 .RS 4n
732 743 An error occurred.
733 744 .RE
734 745
735 746 .SH SEE ALSO
736 747 .sp
737 748 .LP
738 749 \fBfsck\fR(1M), \fBmount\fR(1M), \fBmount_ufs\fR(1M), \fBnewfs\fR(1M),
739 750 \fBattributes\fR(5), \fBlofi\fR(7D), \fBlofs\fR(7FS)
740 751 .SH NOTES
741 752 .sp
742 753 .LP
743 754 Just as you would not directly access a disk device that has mounted file
744 755 systems, you should not access a file associated with a block device except
745 756 through the \fBlofi\fR file driver. It might also be appropriate to ensure that
746 757 the file has appropriate permissions to prevent such access.
747 758 .sp
748 759 .LP
749 760 The abilities of \fBlofiadm\fR, and who can use them, are controlled by the
750 761 permissions of \fB/dev/lofictl\fR. Read-access allows query operations, such as
751 762 listing all the associations. Write-access is required to do any state-changing
752 763 operations, like adding an association. As shipped, \fB/dev/lofictl\fR is owned
753 764 by \fBroot\fR, in group \fBsys\fR, and mode \fB0644\fR, so all users can do
754 765 query operations but only root can change anything. The administrator can give
755 766 users write-access, allowing them to add or delete associations, but that is
756 767 very likely a security hole and should probably only be given to a trusted
757 768 group.
758 769 .sp
759 770 .LP
760 771 When mounting a filesystem image, take care to use appropriate mount options.
761 772 In particular, the \fBnosuid\fR mount option might be appropriate for \fBUFS\fR
762 773 images whose origin is unknown. Also, some options might not be useful or
763 774 appropriate, like \fBlogging\fR or \fBforcedirectio\fR for \fBUFS\fR. For
764 775 compatibility purposes, a raw device is also exported along with the block
765 776 device. For example, \fBnewfs\fR(1M) requires one.
766 777 .sp
767 778 .LP
768 779 The output of \fBlofiadm\fR (without arguments) might change in future
769 780 releases.
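Review bot: In the new -r entry under OPTIONS, the tag line "\fB\fB-r\fR" opens bold twice and closes it once, while every neighbouring entry closes both (for example "\fB\fB-e\fR\fR"); make it "\fB\fB-r\fR\fR" to match. The description makes the effect conditional on -r appearing before -a but does not say what happens when -r follows -a; state whether that is rejected or ignored, since a silently read/write attachment is the worse outcome for someone relying on the flag. Two unchanged passages now read as out of date next to this option: the device operand text ("it is opened for reading or writing by root ... it will never be written to if the block device is only opened read-only") and the NOTES paragraph on images whose origin is unknown, which mentions only nosuid. Both should mention -r.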