5857 add -o option to lofiadm
--- old/usr/src/man/man1m/lofiadm.1m
+++ new/usr/src/man/man1m/lofiadm.1m
1 1 '\" te
2 +.\" Copyright (c) 2016 Andrey Sokolov
2 3 .\" Copyright 2013 Nexenta Systems, Inc. All rights reserved.
3 4 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
4 5 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 6 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
6 7 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 8 .TH LOFIADM 1M "Aug 28, 2013"
8 9 .SH NAME
9 10 lofiadm \- administer files available as block devices through lofi
10 11 .SH SYNOPSIS
11 12 .LP
12 13 .nf
13 14 \fBlofiadm\fR [\fB-r\fR] \fB-a\fR \fIfile\fR [\fIdevice\fR]
14 15 .fi
15 16
16 17 .LP
17 18 .nf
18 -\fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
19 +\fBlofiadm\fR [\fB-r\fR] [\fB-o\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
19 20 .fi
20 21
21 22 .LP
22 23 .nf
23 24 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-k\fR \fIraw_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
24 25 .fi
25 26
26 27 .LP
27 28 .nf
28 29 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
29 30 .fi
30 31
31 32 .LP
32 33 .nf
33 34 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR
34 35 \fB-k\fR \fIwrapped_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
35 36 .fi
36 37
37 38 .LP
38 39 .nf
39 40 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-e\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
40 41 .fi
41 42
42 43 .LP
43 44 .nf
44 45 \fBlofiadm\fR \fB-C\fR \fIalgorithm\fR [\fB-s\fR \fIsegment_size\fR] \fIfile\fR
45 46 .fi
46 47
47 48 .LP
48 49 .nf
49 50 \fBlofiadm\fR \fB-d\fR \fIfile\fR | \fIdevice\fR
50 51 .fi
51 52
52 53 .LP
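Review bot: the .TH line still reads "Aug 28, 2013" although this change adds a new option and a 2016 copyright line; update the date in .TH LOFIADM 1M so the rendered page reflects the revision. In the synopsis, [-o] is added only to the passphrase form (-c crypto_algorithm -a file) while the -k, -T and -e forms are left unchanged, so the OPTIONS text should state whether -o is rejected or silently ignored when combined with those options.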
53 54 .nf
54 55 \fBlofiadm\fR \fB-U\fR \fIfile\fR
55 56 .fi
56 57
57 58 .LP
58 59 .nf
59 60 \fBlofiadm\fR [ \fIfile\fR | \fIdevice\fR]
60 61 .fi
61 62
62 63 .SH DESCRIPTION
63 -.sp
64 64 .LP
65 65 \fBlofiadm\fR administers \fBlofi\fR, the loopback file driver. \fBlofi\fR
66 66 allows a file to be associated with a block device. That file can then be
67 67 accessed through the block device. This is useful when the file contains an
68 68 image of some filesystem (such as a floppy or \fBCD-ROM\fR image), because the
69 69 block device can then be used with the normal system utilities for mounting,
70 70 checking or repairing filesystems. See \fBfsck\fR(1M) and \fBmount\fR(1M).
71 71 .sp
72 72 .LP
73 73 Use \fBlofiadm\fR to add a file as a loopback device, remove such an
74 74 association, or print information about the current associations.
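Review bot: the .sp removed after .SH DESCRIPTION (repeated after the later .SH headings) is formatting cleanup unrelated to the -o option; mention it in the commit message or split it into its own change so the functional documentation update is easy to isolate when reviewing or backporting.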
75 75 .sp
76 76 .LP
77 77 Encryption and compression options are mutually exclusive on the command line.
78 78 Further, an encrypted file cannot be compressed later, nor can a compressed
79 79 file be encrypted later.
80 80
81 81 In the global zone, \fBlofiadm\fR can be used on both the global
82 82 zone devices and all devices owned by other non-global zones on the system.
83 83 .sp
84 84 .SH OPTIONS
85 -.sp
86 85 .LP
87 86 The following options are supported:
88 87 .sp
89 88 .ne 2
90 89 .na
91 90 \fB\fB-a\fR \fIfile\fR [\fIdevice\fR]\fR
92 91 .ad
93 92 .sp .6
94 93 .RS 4n
95 94 Add \fIfile\fR as a block device.
96 95 .sp
97 96 If \fIdevice\fR is not specified, an available device is picked.
98 97 .sp
99 98 If \fIdevice\fR is specified, \fBlofiadm\fR attempts to assign it to
100 99 \fIfile\fR. \fIdevice\fR must be available or \fBlofiadm\fR will fail. The
101 100 ability to specify a device is provided for use in scripts that wish to
102 101 reestablish a particular set of associations.
103 102 .RE
104 103
105 104 .sp
106 105 .ne 2
107 106 .na
108 107 \fB\fB-C\fR {\fIgzip\fR | \fIgzip-N\fR | \fIlzma\fR}\fR
109 108 .ad
110 109 .sp .6
111 110 .RS 4n
112 111 Compress the file with the specified compression algorithm.
113 112 .sp
114 113 The \fBgzip\fR compression algorithm uses the same compression as the
115 114 open-source \fBgzip\fR command. You can specify the \fBgzip\fR level by using
116 115 the value \fBgzip-\fR\fIN\fR where \fIN\fR is 6 (fast) or 9 (best compression
117 116 ratio). Currently, \fBgzip\fR, without a number, is equivalent to \fBgzip-6\fR
118 117 (which is also the default for the \fBgzip\fR command).
119 118 .sp
120 119 \fIlzma\fR stands for the LZMA (Lempel-Ziv-Markov) compression algorithm.
121 120 .sp
122 121 Note that you cannot write to a compressed file, nor can you mount a compressed
123 122 file read/write.
124 123 .RE
125 124
126 125 .sp
127 126 .ne 2
128 127 .na
129 128 \fB\fB-d\fR \fIfile\fR | \fIdevice\fR\fR
130 129 .ad
131 130 .sp .6
132 131 .RS 4n
133 132 Remove an association by \fIfile\fR or \fIdevice\fR name, if the associated
134 133 block device is not busy, and deallocates the block device.
135 134 .RE
136 135
137 136 .sp
138 137 .ne 2
139 138 .na
139 +\fB\fB-o\fR
140 +.ad
141 +.sp .6
142 +.RS 4n
143 +If the \fB-o\fR option is specified lofiadm will prompt for a passphrase once.
144 +.RE
145 +
146 +.sp
147 +.ne 2
148 +.na
140 149 \fB\fB-r\fR
141 150 .ad
142 151 .sp .6
143 152 .RS 4n
144 153 If the \fB-r\fR option is specified before the \fB-a\fR option, the
145 154 \fIdevice\fR will be opened read-only.
146 155 .RE
147 156
148 157 .sp
149 158 .ne 2
150 159 .na
151 160 \fB\fB-s\fR \fIsegment_size\fR\fR
152 161 .ad
153 162 .sp .6
154 163 .RS 4n
155 164 The segment size to use to divide the file being compressed. \fIsegment_size\fR
156 165 can be an integer multiple of 512.
157 166 .RE
158 167
159 168 .sp
160 169 .ne 2
161 170 .na
162 171 \fB\fB-U\fR \fIfile\fR\fR
163 172 .ad
164 173 .sp .6
165 174 .RS 4n
166 175 Uncompress a compressed file.
167 176 .RE
168 177
169 178 .sp
170 179 .LP
171 180 The following options are used when the file is encrypted:
172 181 .sp
173 182 .ne 2
174 183 .na
175 184 \fB\fB-c\fR \fIcrypto_algorithm\fR\fR
176 185 .ad
177 186 .sp .6
178 187 .RS 4n
179 188 Select the encryption algorithm. The algorithm must be specified when
180 189 encryption is enabled because the algorithm is not stored in the disk image.
181 190 .sp
182 191 If none of \fB-e\fR, \fB-k\fR, or \fB-T\fR is specified, \fBlofiadm\fR prompts
183 192 for a passphrase, with a minimum length of eight characters, to be entered .
184 193 The passphrase is used to derive a symmetric encryption key using PKCS#5 PBKD2.
185 194 .RE
186 195
187 196 .sp
188 197 .ne 2
189 198 .na
190 199 \fB\fB-k\fR \fIraw_key_file\fR | \fIwrapped_key_file\fR\fR
191 200 .ad
192 201 .sp .6
193 202 .RS 4n
194 203 Path to raw or wrapped symmetric encryption key. If a PKCS#11 object is also
195 204 given with the \fB-T\fR option, then the key is wrapped by that object. If
196 205 \fB-T\fR is not specified, the key is used raw.
197 206 .RE
198 207
199 208 .sp
200 209 .ne 2
201 210 .na
202 211 \fB\fB-T\fR \fItoken_key\fR\fR
203 212 .ad
204 213 .sp .6
205 214 .RS 4n
206 215 The key in a PKCS#11 token to use for the encryption or for unwrapping the key
207 216 file.
208 217 .sp
209 218 If \fB-k\fR is also specified, \fB-T\fR identifies the unwrapping key, which
210 219 must be an RSA private key.
211 220 .RE
212 221
213 222 .sp
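Review bot: the new -o entry ("will prompt for a passphrase once") does not say what is skipped or when the option applies. Example 6 shows the default as an "Enter passphrase" / "Re-enter passphrase" pair, so -o evidently drops the confirmation prompt; say that explicitly, and say that it is meaningful only with -c when none of -e, -k or -T is given, which is the only case where the -c entry says lofiadm prompts. Because the encryption key is derived from the passphrase, a typo entered without confirmation on the first mapping of a new image produces a key the user cannot reproduce, so the text should recommend -o only for attaching an existing encrypted image. Smaller points: the entry sits among the general options rather than under "The following options are used when the file is encrypted", the -c entry is not updated to mention -o, lofiadm is not set in bold as it is elsewhere on the page, and a comma is missing after "specified".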
214 223 .ne 2
215 224 .na
216 225 \fB\fB-e\fR\fR
217 226 .ad
218 227 .sp .6
219 228 .RS 4n
220 229 Generate an ephemeral symmetric encryption key.
221 230 .RE
222 231
223 232 .SH OPERANDS
224 -.sp
225 233 .LP
226 234 The following operands are supported:
227 235 .sp
228 236 .ne 2
229 237 .na
230 238 \fB\fIcrypto_algorithm\fR\fR
231 239 .ad
232 240 .sp .6
233 241 .RS 4n
234 242 One of: \fBaes-128-cbc\fR, \fBaes-192-cbc\fR, \fBaes-256-cbc\fR,
235 243 \fBdes3-cbc\fR, \fBblowfish-cbc\fR.
236 244 .RE
237 245
238 246 .sp
239 247 .ne 2
240 248 .na
241 249 \fB\fIdevice\fR\fR
242 250 .ad
243 251 .sp .6
244 252 .RS 4n
245 253 Display the file name associated with the block device \fIdevice\fR.
246 254 .sp
247 255 Without arguments, print a list of the current associations. Filenames must be
248 256 valid absolute pathnames.
249 257 .sp
250 258 When a file is added, it is opened for reading or writing by root. Any
251 259 restrictions apply (such as restricted root access over \fBNFS\fR). The file is
252 260 held open until the association is removed. It is not actually accessed until
253 261 the block device is used, so it will never be written to if the block device is
254 262 only opened read-only.
255 263
256 264 Note that the filename may appear as "?" if it is not possible to resolve the
257 265 path in the current context (for example, if it's an NFS path in a non-global
258 266 zone).
259 267 .RE
260 268
261 269 .sp
262 270 .ne 2
263 271 .na
264 272 \fB\fIfile\fR\fR
265 273 .ad
266 274 .sp .6
267 275 .RS 4n
268 276 Display the block device associated with \fIfile\fR.
269 277 .RE
270 278
271 279 .sp
272 280 .ne 2
273 281 .na
274 282 \fB\fIraw_key_file\fR\fR
275 283 .ad
276 284 .sp .6
277 285 .RS 4n
278 286 Path to a file of the appropriate length, in bits, to use as a raw symmetric
279 287 encryption key.
280 288 .RE
281 289
282 290 .sp
283 291 .ne 2
284 292 .na
285 293 \fB\fItoken_key\fR\fR
286 294 .ad
287 295 .sp .6
288 296 .RS 4n
289 297 PKCS#11 token object in the format:
290 298 .sp
291 299 .in +2
292 300 .nf
293 301 \fItoken_name\fR:\fImanufacturer_id\fR:\fIserial_number\fR:\fIkey_label\fR
294 302 .fi
295 303 .in -2
296 304 .sp
297 305
298 306 All but the key label are optional and can be empty. For example, to specify a
299 307 token object with only its key label \fBMylofiKey\fR, use:
300 308 .sp
301 309 .in +2
302 310 .nf
303 311 -T :::MylofiKey
304 312 .fi
305 313 .in -2
306 314 .sp
307 315
308 316 .RE
309 317
310 318 .sp
311 319 .ne 2
312 320 .na
313 321 \fB\fIwrapped_key_file\fR\fR
314 322 .ad
315 323 .sp .6
316 324 .RS 4n
317 325 Path to file containing a symmetric encryption key wrapped by the RSA private
318 326 key specified by \fB-T\fR.
319 327 .RE
320 328
321 329 .SH EXAMPLES
322 330 .LP
323 331 \fBExample 1 \fRMounting an Existing CD-ROM Image
324 332 .sp
325 333 .LP
326 334 You should ensure that Solaris understands the image before creating the
327 335 \fBCD\fR. \fBlofi\fR allows you to mount the image and see if it works.
328 336
329 337 .sp
330 338 .LP
331 339 This example mounts an existing \fBCD-ROM\fR image (\fBsparc.iso\fR), of the
332 340 \fBRed Hat 6.0 CD\fR which was downloaded from the Internet. It was created
333 341 with the \fBmkisofs\fR utility from the Internet.
334 342
335 343 .sp
336 344 .LP
337 345 Use \fBlofiadm\fR to attach a block device to it:
338 346
339 347 .sp
340 348 .in +2
341 349 .nf
342 350 # \fBlofiadm -a /home/mike_s/RH6.0/sparc.iso\fR
343 351 /dev/lofi/1
344 352 .fi
345 353 .in -2
346 354 .sp
347 355
348 356 .sp
349 357 .LP
350 358 \fBlofiadm\fR picks the device and prints the device name to the standard
351 359 output. You can run \fBlofiadm\fR again by issuing the following command:
352 360
353 361 .sp
354 362 .in +2
355 363 .nf
356 364 # \fBlofiadm\fR
357 365 Block Device File Options
358 366 /dev/lofi/1 /home/mike_s/RH6.0/sparc.iso -
359 367 .fi
360 368 .in -2
361 369 .sp
362 370
363 371 .sp
364 372 .LP
365 373 Or, you can give it one name and ask for the other, by issuing the following
366 374 command:
367 375
368 376 .sp
369 377 .in +2
370 378 .nf
371 379 # \fBlofiadm /dev/lofi/1\fR
372 380 /home/mike_s/RH6.0/sparc.iso
373 381 .fi
374 382 .in -2
375 383 .sp
376 384
377 385 .sp
378 386 .LP
379 387 Use the \fBmount\fR command to mount the image:
380 388
381 389 .sp
382 390 .in +2
383 391 .nf
384 392 # \fBmount -F hsfs -o ro /dev/lofi/1 /mnt\fR
385 393 .fi
386 394 .in -2
387 395 .sp
388 396
389 397 .sp
390 398 .LP
391 399 Check to ensure that Solaris understands the image:
392 400
393 401 .sp
394 402 .in +2
395 403 .nf
396 404 # \fBdf -k /mnt\fR
397 405 Filesystem kbytes used avail capacity Mounted on
398 406 /dev/lofi/1 512418 512418 0 100% /mnt
399 407 # \fBls /mnt\fR
400 408 \&./ RedHat/ doc/ ls-lR rr_moved/
401 409 \&../ TRANS.TBL dosutils/ ls-lR.gz sbin@
402 410 \&.buildlog bin@ etc@ misc/ tmp/
403 411 COPYING boot/ images/ mnt/ usr@
404 412 README boot.cat* kernels/ modules/
405 413 RPM-PGP-KEY dev@ lib@ proc/
406 414 .fi
407 415 .in -2
408 416 .sp
409 417
410 418 .sp
411 419 .LP
412 420 Solaris can mount the CD-ROM image, and understand the filenames. The image was
413 421 created properly, and you can now create the \fBCD-ROM\fR with confidence.
414 422
415 423 .sp
416 424 .LP
417 425 As a final step, unmount and detach the images:
418 426
419 427 .sp
420 428 .in +2
421 429 .nf
422 430 # \fBumount /mnt\fR
423 431 # \fBlofiadm -d /dev/lofi/1\fR
424 432 # \fBlofiadm\fR
425 433 Block Device File Options
426 434 .fi
427 435 .in -2
428 436 .sp
429 437
430 438 .LP
431 439 \fBExample 2 \fRMounting a Floppy Image
432 440 .sp
433 441 .LP
434 442 This is similar to the first example.
435 443
436 444 .sp
437 445 .LP
438 446 Using \fBlofi\fR to help you mount files that contain floppy images is helpful
439 447 if a floppy disk contains a file that you need, but the machine which you are
440 448 on does not have a floppy drive. It is also helpful if you do not want to take
441 449 the time to use the \fBdd\fR command to copy the image to a floppy.
442 450
443 451 .sp
444 452 .LP
445 453 This is an example of getting to \fBMDB\fR floppy for Solaris on an x86
446 454 platform:
447 455
448 456 .sp
449 457 .in +2
450 458 .nf
451 459 # \fBlofiadm -a /export/s28/MDB_s28x_wos/latest/boot.3\fR
452 460 /dev/lofi/1
453 461 # \fBmount -F pcfs /dev/lofi/1 /mnt\fR
454 462 # \fBls /mnt\fR
455 463 \&./ COMMENT.BAT* RC.D/ SOLARIS.MAP*
456 464 \&../ IDENT* REPLACE.BAT* X/
457 465 APPEND.BAT* MAKEDIR.BAT* SOLARIS/
458 466 # \fBumount /mnt\fR
459 467 # \fBlofiadm -d /export/s28/MDB_s28x_wos/latest/boot.3\fR
460 468 .fi
461 469 .in -2
462 470 .sp
463 471
464 472 .LP
465 473 \fBExample 3 \fRMaking a \fBUFS\fR Filesystem on a File
466 474 .sp
467 475 .LP
468 476 Making a \fBUFS\fR filesystem on a file can be useful, particularly if a test
469 477 suite requires a scratch filesystem. It can be painful (or annoying) to have to
470 478 repartition a disk just for the test suite, but you do not have to. You can
471 479 \fBnewfs\fR a file with \fBlofi\fR
472 480
473 481 .sp
474 482 .LP
475 483 Create the file:
476 484
477 485 .sp
478 486 .in +2
479 487 .nf
480 488 # \fBmkfile 35m /export/home/test\fR
481 489 .fi
482 490 .in -2
483 491 .sp
484 492
485 493 .sp
486 494 .LP
487 495 Attach it to a block device. You also get the character device that \fBnewfs\fR
488 496 requires, so \fBnewfs\fR that:
489 497
490 498 .sp
491 499 .in +2
492 500 .nf
493 501 # \fBlofiadm -a /export/home/test\fR
494 502 /dev/lofi/1
495 503 # \fBnewfs /dev/rlofi/1\fR
496 504 newfs: construct a new file system /dev/rlofi/1: (y/n)? \fBy\fR
497 505 /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
498 506 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
499 507 super-block backups (for fsck -F ufs -o b=#) at:
500 508 32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,
501 509 .fi
502 510 .in -2
503 511 .sp
504 512
505 513 .sp
506 514 .LP
507 515 Note that \fBufs\fR might not be able to use the entire file. Mount and use the
508 516 filesystem:
509 517
510 518 .sp
511 519 .in +2
512 520 .nf
513 521 # \fBmount /dev/lofi/1 /mnt\fR
514 522 # \fBdf -k /mnt\fR
515 523 Filesystem kbytes used avail capacity Mounted on
516 524 /dev/lofi/1 33455 9 30101 1% /mnt
517 525 # \fBls /mnt\fR
518 526 \&./ ../ lost+found/
519 527 # \fBumount /mnt\fR
520 528 # \fBlofiadm -d /dev/lofi/1\fR
521 529 .fi
522 530 .in -2
523 531 .sp
524 532
525 533 .LP
526 534 \fBExample 4 \fRCreating a PC (FAT) File System on a Unix File
527 535 .sp
528 536 .LP
529 537 The following series of commands creates a \fBFAT\fR file system on a Unix
530 538 file. The file is associated with a block device created by \fBlofiadm\fR.
531 539
532 540 .sp
533 541 .in +2
534 542 .nf
535 543 # \fBmkfile 10M /export/test/testfs\fR
536 544 # \fBlofiadm -a /export/test testfs\fR
537 545 /dev/lofi/1
538 546 \fBNote use of\fR rlofi\fB, not\fR lofi\fB, in following command.\fR
539 547 # \fBmkfs -F pcfs -o nofdisk,size=20480 /dev/rlofi/1\fR
540 548 \fBConstruct a new FAT file system on /dev/rlofi/1: (y/n)?\fR y
541 549 # \fBmount -F pcfs /dev/lofi/1 /mnt\fR
542 550 # \fBcd /mnt\fR
543 551 # \fBdf -k .\fR
544 552 Filesystem kbytes used avail capacity Mounted on
545 553 /dev/lofi/1 10142 0 10142 0% /mnt
546 554 .fi
547 555 .in -2
548 556 .sp
549 557
550 558 .LP
551 559 \fBExample 5 \fRCompressing an Existing CD-ROM Image
552 560 .sp
553 561 .LP
554 562 The following example illustrates compressing an existing CD-ROM image
555 563 (\fBsolaris.iso\fR), verifying that the image is compressed, and then
556 564 uncompressing it.
557 565
558 566 .sp
559 567 .in +2
560 568 .nf
561 569 # \fBlofiadm -C gzip /export/home/solaris.iso\fR
562 570 .fi
563 571 .in -2
564 572 .sp
565 573
566 574 .sp
567 575 .LP
568 576 Use \fBlofiadm\fR to attach a block device to it:
569 577
570 578 .sp
571 579 .in +2
572 580 .nf
573 581 # \fBlofiadm -a /export/home/solaris.iso\fR
574 582 /dev/lofi/1
575 583 .fi
576 584 .in -2
577 585 .sp
578 586
579 587 .sp
580 588 .LP
581 589 Check if the mapped image is compressed:
582 590
583 591 .sp
584 592 .in +2
585 593 .nf
586 594 # \fBlofiadm\fR
587 595 Block Device File Options
588 596 /dev/lofi/1 /export/home/solaris.iso Compressed(gzip)
589 597 /dev/lofi/2 /export/home/regular.iso -
590 598 .fi
591 599 .in -2
592 600 .sp
593 601
594 602 .sp
595 603 .LP
596 604 Unmap the compressed image and uncompress it:
597 605
598 606 .sp
599 607 .in +2
600 608 .nf
601 609 # \fBlofiadm -d /dev/lofi/1\fR
602 610 # \fBlofiadm -U /export/home/solaris.iso\fR
603 611 .fi
604 612 .in -2
605 613 .sp
606 614
607 615 .LP
608 616 \fBExample 6 \fRCreating an Encrypted UFS File System on a File
609 617 .sp
610 618 .LP
611 619 This example is similar to the example of making a UFS filesystem on a file,
612 620 above.
613 621
614 622 .sp
615 623 .LP
616 624 Create the file:
617 625
618 626 .sp
619 627 .in +2
620 628 .nf
621 629 # \fBmkfile 35m /export/home/test\fR
622 630 .fi
623 631 .in -2
624 632 .sp
625 633
626 634 .sp
627 635 .LP
628 636 Attach the file to a block device and specify that the file image is encrypted.
629 637 As a result of this command, you obtain the character device, which is
630 638 subsequently used by \fBnewfs\fR:
631 639
632 640 .sp
633 641 .in +2
634 642 .nf
635 643 # \fBlofiadm -c aes-256-cbc -a /export/home/secrets\fR
636 644 Enter passphrase: \fBMy-M0th3r;l0v3s_m3+4lw4ys!\fR (\fBnot echoed\fR)
637 645 Re-enter passphrase: \fBMy-M0th3r;l0v3s_m3+4lw4ys!\fR (\fBnot echoed\fR)
638 646 /dev/lofi/1
639 647
640 648 # \fBnewfs /dev/rlofi/1\fR
641 649 newfs: construct a new file system /dev/rlofi/1: (y/n)? \fBy\fR
642 650 /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
643 651 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
644 652 super-block backups (for fsck -F ufs -o b=#) at:
645 653 32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,
646 654 .fi
647 655 .in -2
648 656 .sp
649 657
650 658 .sp
651 659 .LP
652 660 The mapped file system shows that encryption is enabled:
653 661
654 662 .sp
655 663 .in +2
656 664 .nf
657 665 # \fBlofiadm\fR
658 666 Block Device File Options
659 667 /dev/lofi/1 /export/home/secrets Encrypted
660 668 .fi
661 669 .in -2
662 670 .sp
663 671
664 672 .sp
665 673 .LP
666 674 Mount and use the filesystem:
667 675
668 676 .sp
669 677 .in +2
670 678 .nf
671 679 # \fBmount /dev/lofi/1 /mnt\fR
672 680 # \fBcp moms_secret_*_recipe /mnt\fR
673 681 # \fBls /mnt\fR
674 682 \&./ moms_secret_cookie_recipe moms_secret_soup_recipe
675 683 \&../ moms_secret_fudge_recipe moms_secret_stuffing_recipe
676 684 lost+found/ moms_secret_meatloaf_recipe moms_secret_waffle_recipe
677 685 # \fBumount /mnt\fR
678 686 # \fBlofiadm -d /dev/lofi/1\fR
679 687 .fi
680 688 .in -2
681 689 .sp
682 690
683 691 .sp
684 692 .LP
685 693 Subsequent attempts to map the filesystem with the wrong key or the wrong
686 694 encryption algorithm will fail:
687 695
688 696 .sp
689 697 .in +2
690 698 .nf
691 699 # \fBlofiadm -c blowfish-cbc -a /export/home/secrets\fR
692 700 Enter passphrase: \fBmommy\fR (\fInot echoed\fR)
693 701 Re-enter passphrase: \fBmommy\fR (\fInot echoed\fR)
694 702 lofiadm: could not map file /root/lofi: Invalid argument
695 703 # \fBlofiadm\fR
696 704 Block Device File Options
697 705 #
698 706 .fi
699 707 .in -2
700 708 .sp
701 709
702 710 .sp
703 711 .LP
704 712 Attempts to map the filesystem without encryption will succeed, however
705 713 attempts to mount and use the filesystem will fail:
706 714
707 715 .sp
708 716 .in +2
709 717 .nf
710 718 # \fBlofiadm -a /export/home/secrets\fR
711 719 /dev/lofi/1
712 720 # \fBlofiadm\fR
713 721 Block Device File Options
714 722 /dev/lofi/1 /export/home/secrets -
715 723 # \fBmount /dev/lofi/1 /mnt\fR
716 724 mount: /dev/lofi/1 is not this fstype
717 725 #
718 726 .fi
719 727 .in -2
720 728 .sp
721 729
722 730 .SH ENVIRONMENT VARIABLES
723 -.sp
724 731 .LP
725 732 See \fBenviron\fR(5) for descriptions of the following environment variables
726 733 that affect the execution of \fBlofiadm\fR: \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR
727 734 and \fBNLSPATH\fR.
728 735 .SH EXIT STATUS
729 -.sp
730 736 .LP
731 737 The following exit values are returned:
732 738 .sp
733 739 .ne 2
734 740 .na
735 741 \fB\fB0\fR\fR
736 742 .ad
737 743 .sp .6
738 744 .RS 4n
739 745 Successful completion.
740 746 .RE
741 747
742 748 .sp
743 749 .ne 2
744 750 .na
745 751 \fB\fB>0\fR\fR
746 752 .ad
747 753 .sp .6
748 754 .RS 4n
749 755 An error occurred.
750 756 .RE
751 757
752 758 .SH SEE ALSO
753 -.sp
754 759 .LP
755 760 \fBfsck\fR(1M), \fBmount\fR(1M), \fBmount_ufs\fR(1M), \fBnewfs\fR(1M),
756 761 \fBattributes\fR(5), \fBlofi\fR(7D), \fBlofs\fR(7FS)
757 762 .SH NOTES
758 -.sp
759 763 .LP
760 764 Just as you would not directly access a disk device that has mounted file
761 765 systems, you should not access a file associated with a block device except
762 766 through the \fBlofi\fR file driver. It might also be appropriate to ensure that
763 767 the file has appropriate permissions to prevent such access.
764 768 .sp
765 769 .LP
766 770 The abilities of \fBlofiadm\fR, and who can use them, are controlled by the
767 771 permissions of \fB/dev/lofictl\fR. Read-access allows query operations, such as
768 772 listing all the associations. Write-access is required to do any state-changing
769 773 operations, like adding an association. As shipped, \fB/dev/lofictl\fR is owned
770 774 by \fBroot\fR, in group \fBsys\fR, and mode \fB0644\fR, so all users can do
771 775 query operations but only root can change anything. The administrator can give
772 776 users write-access, allowing them to add or delete associations, but that is
773 777 very likely a security hole and should probably only be given to a trusted
774 778 group.
775 779 .sp
776 780 .LP
777 781 When mounting a filesystem image, take care to use appropriate mount options.
778 782 In particular, the \fBnosuid\fR mount option might be appropriate for \fBUFS\fR
779 783 images whose origin is unknown. Also, some options might not be useful or
780 784 appropriate, like \fBlogging\fR or \fBforcedirectio\fR for \fBUFS\fR. For
781 785 compatibility purposes, a raw device is also exported along with the block
782 786 device. For example, \fBnewfs\fR(1M) requires one.
783 787 .sp
784 788 .LP
785 789 The output of \fBlofiadm\fR (without arguments) might change in future
786 790 releases.