[PATCH v2 0/7] makedumpfile security key filtering with eppic
vgoyal at redhat.com
Thu Nov 15 10:55:57 EST 2012
On Thu, Nov 15, 2012 at 09:27:45AM -0500, Dave Anderson wrote:
> > Yes, makedumpfile needs to be linked against eppic library for filtering
> > data and this will increase makedumpfile size and initramfs size too.
> Just to clarify -- your example indicates that the vmlinux file is required
> for this facility to work, correct?
> > makedumpfile -c -d 31 -x vmlinux --eppic key.c vmcore filtered_vmcore
> Clearly distros won't be putting the vmlinux file in the initramfs -- that's
> the whole reasoning behind vmcoreinfo. So the 99% of users that aren't
> interested in scrubbing will have to pay the penalty of the larger makedumpfile
That's a good point Dave. We will never put debug compiled vmlinux in
initramfs. Following two alternatives come to my mind.
- Either makedumpfile provides some kind of library to parse/read/write
dump files and we can write another stand alone utility for scrubbing
dump files (say, scrub-vmcore), and it can link against makedumpfile
libraries to take advantage of existing code.
- Or, we just identify what we want to scrube and make that code part
of makedumpfile. Export relevant data structures from kernel using
I prefer to keep things simple and like second option better.
More information about the kexec