[PATCH v2 0/7] makedumpfile security key filtering with eppic
vgoyal at redhat.com
Fri Nov 16 09:36:49 EST 2012
On Fri, Nov 16, 2012 at 03:22:50PM +0530, Aravinda Prasad wrote:
> On 2012-11-15 21:25, Vivek Goyal wrote:
> > On Thu, Nov 15, 2012 at 09:27:45AM -0500, Dave Anderson wrote:
> > [..]
> >>> Yes, makedumpfile needs to be linked against eppic library for filtering
> >>> data and this will increase makedumpfile size and initramfs size too.
> >> Just to clarify -- your example indicates that the vmlinux file is required
> >> for this facility to work, correct?
> >>> makedumpfile -c -d 31 -x vmlinux --eppic key.c vmcore filtered_vmcore
> >> Clearly distros won't be putting the vmlinux file in the initramfs -- that's
> >> the whole reasoning behind vmcoreinfo. So the 99% of users that aren't
> >> interested in scrubbing will have to pay the penalty of the larger makedumpfile
> >> binary.
> > That's a good point Dave. We will never put debug compiled vmlinux in
> > initramfs. Following two alternatives come to my mind.
> As I mentioned, we don't need vmlinux in initramfs as filtering is done
> during post processing only.
You are missing the point. The point is that despite the fact that
scrubbing will never be done from initramfs, all the users will pay
penalty for increased makedumpfile size.
So why not write a separate tool (scrub-vmcore) so that makedumpfile
users don't pay the bloated size penatly.
More information about the kexec