[PATCH v2 0/7] makedumpfile security key filtering with eppic

Vivek Goyal vgoyal at redhat.com
Thu Nov 15 10:55:57 EST 2012

On Thu, Nov 15, 2012 at 09:27:45AM -0500, Dave Anderson wrote:

> > Yes, makedumpfile needs to be linked against eppic library for filtering
> > data and this will increase makedumpfile size and initramfs size too.
> Just to clarify -- your example indicates that the vmlinux file is required
> for this facility to work, correct?
> > makedumpfile -c -d 31 -x vmlinux --eppic key.c vmcore filtered_vmcore
> Clearly distros won't be putting the vmlinux file in the initramfs -- that's
> the whole reasoning behind vmcoreinfo.  So the 99% of users that aren't
> interested in scrubbing will have to pay the penalty of the larger makedumpfile
> binary.

That's a good point Dave. We will never put debug compiled vmlinux in 
initramfs. Following two alternatives come to my mind.

- Either makedumpfile provides some kind of library to parse/read/write
  dump files and we can write another stand alone utility for scrubbing
  dump files (say, scrub-vmcore),  and it can link against makedumpfile
  libraries to take advantage of existing code.

- Or, we just identify what we want to scrube and make that code part
  of makedumpfile. Export relevant data structures from kernel using

I prefer to keep things simple and like second option better.


More information about the kexec mailing list