| View previous topic :: View next topic |
| Author |
Message |
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
 Posted: Tue Apr 15, 2014 9:48 pm Post subject: getting started with lvm |
 |
|
While it seems there are a number of wonderful tutorials out there for setting up lvm on the operating system drive, I haven't quite seen any that explained how to do what I want.
Let's suppose I have a 1 TB hard drive for data only (nothing to do with the os).
I want to combine relative small parts (say 32 GB) into three or four pools of storage (that I can create and delete), and be able to reassign the 32 GB parts from one pool to another.
So first of all, I assume I have to create approximately thirty 32 GB partitions before I begin. Is that correct?
How do I create and delete the storage pools?
How do I assign (and unassign) a partition to a particular pool?
Thank you in advance. |
|
| Back to top |
|
 |
kwesadilo
n00b
Joined: 12 Jul 2010
Posts: 68
Location: United States
|
| Posted: Sun Apr 27, 2014 5:22 am Post subject: |
|
|
When you say pools of storage, do you mean a pool that would be used for a single filesystem or for multiple filesystems? The former would be a logical volume, and the latter would be a volume group. Since putting multiple filesystems/logical volumes on one disk partition is well-covered elsewhere, I take it you mean you want multiple volume groups, i.e. independent storage pools, on one disk partition, and you want to be able to move physical storage between those pools. As a caveat, I can't think of a good reason that you would do this, and what I'm about to describe is tedious and horrible and somewhat defeats the purpose of having LVM. But here is what I would do:
- Create like 300 32-GB partitions on your 1-TB HDD
- Make each of those partitions a pv using pvcreate
- Use vgcreate to create three or four volume groups, dividing the PVs up between them to suite
- Use lvcreate to create whatever logical volumes you want in each of the volume groups
- When you decide that you want to move a PV between VGs, use pvmove to move any data on that PV to other PVs in the same VG, then use vgreduce to remove that PV from the VG. Then use vgextend to add the PV to another VG.
- During the preceding process make whatever adjustments are necessary for your filesystem and LV sizes to ensure that no filesystem is larger than the LV that contains it.
That seems very labor-intensive and error-prone to me. I suspect you'd be much happier making one PV for your whole drive and one VG over that and then making several LVs for your different filesystems and resizing them as needed. |
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3134
|
| Posted: Sun Apr 27, 2014 8:46 am Post subject: |
|
|
yes, just create one partition on phisical drive, create phisical volume on it, create volume group with this phisical volume and then create as many logical volumes as you need at the moment (then create filesystems on them as you would do with any other partition without lvm). You can add more logical volumes later, or resize existing volumes - just make sure filesystem never is bigger than lv it resides on or you WILL lose some data - as long as you have unsused space. And when you need more space, you can buy another phisical drive, plug it, create phisical volume on it and.... add it to existing volume group which allows you even creating logical volumes bigger than any of the disks you have plugged in.
There are a lot of good howtos on what command to use and with what parameters.
Now, if you needed multiple volume groups, you would know you need it, and you would kow lvm well enough not to ask this question, so don't bother with creating 300 partitions and a dozen of volume groups. 1 partition for lvm per phisical drive is enough, and 1 volume group for all your phisical and logical volumes.
I don't think you can boot from lvm though, so if you wanted to ever have root on lvm you must make separate /boot partition that will be accessed directly rather than by lvm - since you were talking about data storage space it's not likely your concern right now, but it's good to know anyway for when you change your mind.
maybe i'm chaotic right now, but I remember i was a bit puzzled with design of LVM stack at first, so here's a littlle thing to help grasp the concept:
pv is a device or partition that actualy stores data
lv is a name for a piece of space you want to access, making it effectively a partition you mount and use
vg is a way to merge all space from all pvs you have added to it and atcs as a big hard drive you can repartition at any time to add, delete or resize lvs - and it's easy t omanage since you request a partition of given size rather than starting at sector X and ending at sector Y. You don't care where it starts, you order some amount of space and you get it. |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
| Posted: Tue Apr 29, 2014 12:19 am Post subject: |
|
|
Thanks for the replies (sorry I didn't notice them sooner).
| kwesadilo wrote: | | When you say pools of storage, do you mean a pool that would be used for a single filesystem or for multiple filesystems? |
I need multiple storage pools that MUST be physically isolated from each other - this is a policy (legal) requirement.
| kwesadilo wrote: | | 1. Create like 300 32-GB partitions on your 1-TB HDD |
It would only be about thirty partitions (not 300). :) I think there is a limit of 128 partitions on a single disk anyway.
I have been studying this more, and it seems that LVM isn't really well suited for dynamically adjusting storage. If I understand, every change of a physical volume from one volume group to another requires adjusting the size of the logical volumes AND filesystems - something that just seems fraught with danger (doubly so given that I will use an encryption layer under everything).
I just started looking at zfs pools, with which (again, if I understand, and that is far from certain) additional storage can be added with just one command.
The problem I am having now is that something (I can't determine which program) is not allowing access to more than the first sixteen partitions on the hard drive.
I encrypted the disk:
| Code: |
# cryptsetup -v luksFormat /dev/sdx
# cryptsetup open /dev/sdx disk
|
Then created the partitions using gdisk.
I removed (unplugged), reinserted, remounted, and unlocked the hard drive, but none of the partitions show up:
| Code: |
# ls -al /dev/mapper/
total 0
drwxr-xr-x 2 root root 80 2014-04-27 05:24:20 ./
drwxr-xr-x 17 root root 5260 2014-04-27 05:24:20 ../
crw------- 1 root root 10, 236 2014-04-27 05:06:28 control
lrwxrwxrwx 1 root root 7 2014-04-27 05:24:20 disk -> ../dm-0
# ls -al /dev/dm-0
brw-rw---- 1 root disk 253, 0 2014-04-27 05:24:20 /dev/dm-0
|
So I ran partprobe to request that the partition tables be reread, and it only showed the first sixteen partitions:
| Code: |
# partprobe
# ls -al /dev/mapper/
total 0
drwxr-xr-x 2 root root 400 2014-04-27 18:42:29 ./
drwxr-xr-x 17 root root 5580 2014-04-27 18:42:29 ../
crw------- 1 root root 10, 236 2014-04-27 05:06:28 control
lrwxrwxrwx 1 root root 7 2014-04-27 18:42:30 disk -> ../dm-0
brw------- 1 root root 253, 1 2014-04-27 18:42:29 diskp1
brw------- 1 root root 253, 10 2014-04-27 18:42:29 diskp10
brw------- 1 root root 253, 11 2014-04-27 18:42:29 diskp11
brw------- 1 root root 253, 12 2014-04-27 18:42:29 diskp12
brw------- 1 root root 253, 13 2014-04-27 18:42:29 diskp13
brw------- 1 root root 253, 14 2014-04-27 18:42:29 diskp14
brw------- 1 root root 253, 15 2014-04-27 18:42:29 diskp15
brw------- 1 root root 253, 16 2014-04-27 18:42:29 diskp16
brw------- 1 root root 253, 2 2014-04-27 18:42:29 diskp2
brw------- 1 root root 253, 3 2014-04-27 18:42:29 diskp3
brw------- 1 root root 253, 4 2014-04-27 18:42:29 diskp4
brw------- 1 root root 253, 5 2014-04-27 18:42:29 diskp5
brw------- 1 root root 253, 6 2014-04-27 18:42:29 diskp6
brw------- 1 root root 253, 7 2014-04-27 18:42:29 diskp7
brw------- 1 root root 253, 8 2014-04-27 18:42:29 diskp8
brw------- 1 root root 253, 9 2014-04-27 18:42:29 diskp9
# ls -al /dev/dm-*
brw-rw---- 1 root disk 253, 0 2014-04-27 18:42:30 /dev/dm-0
brw-rw---- 1 root disk 253, 1 2014-04-27 18:42:31 /dev/dm-1
brw-rw---- 1 root disk 253, 10 2014-04-27 18:42:30 /dev/dm-10
brw-rw---- 1 root disk 253, 11 2014-04-27 18:42:31 /dev/dm-11
brw-rw---- 1 root disk 253, 12 2014-04-27 18:42:30 /dev/dm-12
brw-rw---- 1 root disk 253, 13 2014-04-27 18:42:31 /dev/dm-13
brw-rw---- 1 root disk 253, 14 2014-04-27 18:42:31 /dev/dm-14
brw-rw---- 1 root disk 253, 15 2014-04-27 18:42:31 /dev/dm-15
brw-rw---- 1 root disk 253, 16 2014-04-27 18:42:31 /dev/dm-16
brw-rw---- 1 root disk 253, 2 2014-04-27 18:42:31 /dev/dm-2
brw-rw---- 1 root disk 253, 3 2014-04-27 18:42:31 /dev/dm-3
brw-rw---- 1 root disk 253, 4 2014-04-27 18:42:30 /dev/dm-4
brw-rw---- 1 root disk 253, 5 2014-04-27 18:42:30 /dev/dm-5
brw-rw---- 1 root disk 253, 6 2014-04-27 18:42:30 /dev/dm-6
brw-rw---- 1 root disk 253, 7 2014-04-27 18:42:31 /dev/dm-7
brw-rw---- 1 root disk 253, 8 2014-04-27 18:42:30 /dev/dm-8
brw-rw---- 1 root disk 253, 9 2014-04-27 18:42:30 /dev/dm-9
|
I am also wondering if all of the partition entries in /dev/mapper/ shouldn't be links (like the entire disk is), but that is a secondary issue.
I can add the nodes (with mknod) and / links manually, but that doesn't make them accessible in the device manager.
| Code: |
# dmsetup ls
diskp2 (253:2)
diskp1 (253:1)
diskp16 (253:16)
disk (253:0)
diskp9 (253:9)
diskp15 (253:15)
diskp8 (253:8)
diskp14 (253:14)
diskp7 (253:7)
diskp13 (253:13)
diskp6 (253:6)
diskp12 (253:12)
diskp5 (253:5)
diskp11 (253:11)
diskp4 (253:4)
diskp10 (253:10)
diskp3 (253:3)
|
I am probably more confused than aver as to how to proceed. :( |
|
| Back to top |
|
|
vaxbrat
l33t
Joined: 05 Oct 2005
Posts: 731
Location: DC Burbs
|
| Posted: Tue Apr 29, 2014 2:22 am Post subject: consider btrfs subvolumes too |
|
|
| Seeing as how you might consider something other than lvm (ie zfs pools), you will also want to look at btrfs subvolumes. Unlike zfs, you can selectively enable automatic compression depending on what you think the data will allow. If you need to spread redundant copies of objects around on separate physical drives, look at running ceph on top of btrfs. |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Apr 29, 2014 3:29 am Post subject: |
|
|
| curmudgeon wrote: | | I encrypted the disk [...] Then created the partitions using gdisk. |
curmudgeon ... that's certainly wrong, its disk format => cryptsetup => lvm.
best ... khay |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
| Posted: Tue Apr 29, 2014 8:10 am Post subject: Re: consider btrfs subvolumes too |
|
|
| vaxbrat wrote: | | Seeing as how you might consider something other than lvm (ie zfs pools), you will also want to look at btrfs subvolumes. |
I looked briefly at btrfs (obviously an alternative to zfs), but sort of downgraded it for a number of reasons, Basically, it just seems less far along (especially for capabilities such as raid), it still seems more experimental, and it appears that there is less urgency to build encryption into the filesystem - the best long range solution (of course, zfs on solaris has had encryption for some time).
| vaxbrat wrote: | | Unlike zfs, you can selectively enable automatic compression depending on what you think the data will allow. If you need to spread redundant copies of objects around on separate physical drives, look at running ceph on top of btrfs. |
Compression is not an issue, and zfs can offer redundancy ("copies=2") even without using raid.
I am not (theoretically) against using btrfs. I am mostly looking at stability at this moment. Maybe you can convince me that btrfs is better to use right now. :)
In any case, at the moment I am stuck on the fact that I can only access the first sixteen partitions on the hard drive.
| khayyam wrote: | | curmudgeon wrote: | | I encrypted the disk [...] Then created the partitions using gdisk. |
curmudgeon ... that's certainly wrong, its disk format => cryptsetup => lvm. |
Please explain why that is wrong.
From http://en.wikipedia.org/wiki/Btrfs (referencing the btrfs faq at http://btrfs.wiki.kernel.org/index.php?title=FAQ#Does_btrfs_support_encryption.3F):
| Quote: |
[Encryption] is unlikely to be implemented for some time, if ever, due to the complexity of implementation and pre-existing tested and peer-reviewed solutions. The current recommendation for encryption with Btrfs is to use a full-disk encryption mechanism such as dm-crypt/LUKS on the underlying devices, and to create the Btrfs filesystem on top of that layer (and that if a RAID is to be used with encryption, encrypting a dm-raid device or a hardware-RAID device gives much faster disk performance than dm-crypt overlaid by Btrfs' own filesystem-level RAID features).
|
That sounds like what I am attempting to do (and it is what I want - one key for the entire hard drive rather than having to manage several dozen keys). |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Apr 29, 2014 12:57 pm Post subject: Re: consider btrfs subvolumes too |
|
|
| curmudgeon wrote: | | khayyam wrote: | | curmudgeon wrote: | | I encrypted the disk [...] Then created the partitions using gdisk. |
curmudgeon ... that's certainly wrong, its disk format => cryptsetup => lvm. |
Please explain why that is wrong. |
curmudgeon ... I see nothing in those links that suggest otherwise, unless you mean "[t]ypically, partition (or entire disk) encryption is used to protect data in case a computer is stolen", which suggests a "partition" or "entire disk". I don't think this is intended to mean the disk *including* the partition table but a disk with one or many partitions.
If you could "partition" a dm-crypt then what would the following '<device>' refer to?
| Code: | | # cryptsetup luksOpen <device> <name> |
... or if '<device>' is the entire sda where exactly is the MBR or ESP, and how would the partition table within the encrypted volume be read, because 'sda' doesn't have partitions, or GPT headers, or protective MBR.
Typically you have hardware partitioning on the physical disk, these partitions (whether GPT or MBR) are identified by the kernel as it reads the partition table, an initramfs can then run 'cryptsetup luksOpen' on the '<device>' and have it 'mapped' to '/dev/mapper/' it can then be mounted (assuming this volume has a filesystem) or 'vgscan ; vgchange -a y' run, the lvm made active, and the lv's mounted.
best ... khay |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
| Posted: Tue Apr 29, 2014 7:45 pm Post subject: Re: consider btrfs subvolumes too |
|
|
| khayyam wrote: | | curmudgeon ... I see nothing in those links that suggest otherwise, unless you mean "[t]ypically, partition (or entire disk) encryption is used to protect data in case a computer is stolen", which suggests a "partition" or "entire disk". I don't think this is intended to mean the disk *including* the partition table but a disk with one or many partitions. |
I was referring to the part that said:
| Quote: |
The current recommendation for encryption with Btrfs is to use a full-disk encryption mechanism such as dm-crypt/LUKS on the underlying devices, and to create the Btrfs filesystem on top of that layer...
|
To me, that implied that encryption was at the very bottom layer, and everything else was on top of that.
| khayyam wrote: | If you could "partition" a dm-crypt then what would the following '<device>' refer to?
| Code: | | # cryptsetup luksOpen <device> <name> |
... or if '<device>' is the entire sda where exactly is the MBR or ESP, and how would the partition table within the encrypted volume be read, because 'sda' doesn't have partitions, or GPT headers, or protective MBR. |
Just like you have sda, sda1, sda2,... you can have (see my earlier post) disk, diskp1, diskp2....
| khayyam wrote: | | Typically you have hardware partitioning on the physical disk, these partitions (whether GPT or MBR) are identified by the kernel as it reads the partition table, an initramfs can then run 'cryptsetup luksOpen' on the '<device>' and have it 'mapped' to '/dev/mapper/' it can then be mounted (assuming this volume has a filesystem) or 'vgscan ; vgchange -a y' run, the lvm made active, and the lv's mounted. |
Typically you do, but it is not required. You can "partition" a file, and then mount the partitions using the loop device. I don't see anything to prohibit installing partitions on an encrypted hard drive, and everything would (apparently) work fine if the tools would just process all of the partitions instead of just the first sixteen. |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Tue Apr 29, 2014 9:05 pm Post subject: Re: consider btrfs subvolumes too |
|
|
| curmudgeon wrote: | I was referring to the part that said:
| Quote: | | The current recommendation for encryption with Btrfs is to use a full-disk encryption mechanism such as dm-crypt/LUKS on the underlying devices, and to create the Btrfs filesystem on top of that layer... |
To me, that implied that encryption was at the very bottom layer, and everything else was on top of that. |
curmudgeon .... it could be read as meaning ("devices") sda1, sdb1, etc, but ok, once the "devices" are mapped to /dev/mapper/<name> why is a partition map required, lvm doesn't need them, btrfs can add multiple block devices to a single filesystem, has subvolumes (which, though I'm not that familar with btrfs, I assume are like lv's), etc, ... so why does the block device need to be partitoned? That is one of the reasons for using lvm (and I assume the same is true of btrfs and zfs). Thats why I intitally thought your setup was in the wrong order, because, if you're going to put a partition map anywhere it would be on the physical disk as lvm don't require them.
best ... khay |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
| Posted: Wed Apr 30, 2014 2:18 am Post subject: Re: consider btrfs subvolumes too |
|
|
| khayyam wrote: | | curmudgeon .... it could be read as meaning ("devices") sda1, sdb1, etc, but ok, once the "devices" are mapped to /dev/mapper/<name> why is a partition map required, lvm doesn't need them, btrfs can add multiple block devices to a single filesystem, has subvolumes (which, though I'm not that familar with btrfs, I assume are like lv's), etc, ... so why does the block device need to be partitoned? |
I tried to explain that above (and obviously did not do a good job of it :( ). There is a legal requirement for physical separation of the storage pools (or filesystems, or whatever). Letting a volume manager mix all of these together (physically, if not logically) is absolutely forbidden for this project. Separate physical partitions are acceptable.
| khayyam wrote: | | That is one of the reasons for using lvm (and I assume the same is true of btrfs and zfs). Thats why I intitally thought your setup was in the wrong order, because, if you're going to put a partition map anywhere it would be on the physical disk as lvm don't require them. |
I could create the partitions directly on the hard drive, but that makes key management a huge pain. There are several dozen of them, and automatic mounting (again, per policy) is prohibited - the pass phrase for each partition must be entered manually at each mount. Therefore, it seems much easier (and cleaner) to encrypt the entire hard drive (only one key) and create the partitions on top of that.
I haven't tried creating that many partitions directly on a hard drive AND THEN encrypting those partitions, but there is no guarantee that the device mapper would do any better with partitions after the first sixteen if I did it that way that it does with the way that I am trying to do it now. In fact, I would suspect that it wouldn't.
Maybe there is some way of using LVM to accomplish what I want without partitions that I don't see (quite possible -I have never used any of this stuff before). |
|
| Back to top |
|
|
khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101
|
| Posted: Wed Apr 30, 2014 12:16 pm Post subject: Re: consider btrfs subvolumes too |
|
|
| curmudgeon wrote: | | There is a legal requirement for physical separation of the storage pools (or filesystems, or whatever). Letting a volume manager mix all of these together (physically, if not logically) is absolutely forbidden for this project. Separate physical partitions are acceptable. |
curmudgeon ... so what constitutes "physical separation", dividing a hardisk into multiple *logical* storage units?
| curmudgeon wrote: | | I could create the partitions directly on the hard drive, but that makes key management a huge pain. There are several dozen of them, and automatic mounting (again, per policy) is prohibited - the pass phrase for each partition must be entered manually at each mount. Therefore, it seems much easier (and cleaner) to encrypt the entire hard drive (only one key) and create the partitions on top of that. |
... and that is exactly what lvm does ... you have your outer luks volume (sda1) and within that *logical* volumes.
| Code: | # print -rl /dev/mapper/*
/dev/mapper/control
/dev/mapper/enc_root
/dev/mapper/vg-home
/dev/mapper/vg-root
/dev/mapper/vg-swap
/dev/mapper/vg-var |
best ... khay |
|
| Back to top |
|
|
frostschutz
Advocate
Joined: 22 Feb 2005
Posts: 2977
Location: Germany
|
| Posted: Wed Apr 30, 2014 1:54 pm Post subject: Re: getting started with lvm |
|
|
| curmudgeon wrote: | | So first of all, I assume I have to create approximately thirty 32 GB partitions before I begin. Is that correct? |
One physical volume (single partition) and then dozens of 32GB sized Logical Volume (for example, for VM usage) is fine.
30 partitions and then combining them back together with LVM is not fine at all, it's completely braindead.
I've read the other replies as well but so far it seems entirely unclear to me what it is you want to achieve and why. LVM is just another (more flexible/powerful) way of partitioning a disk. If you don't want or don't need that because you need fixed sized partitions at fixed offsets for a certain applications, then just don't use it. |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
| Posted: Wed Apr 30, 2014 10:41 pm Post subject: |
|
|
Let me give a simple case of a problem that whatever method I choose must handle.
Suppose I have two storage pools (call them hatfield and mccoy).
Suppose I need more storage in mccoy, and want to obtain that storage by shrinking hatfield.
Obviously, I need to sanitize (clear and validate) the media after removing it from hatfield, and before adding it to mccoy (see NIST SP 800-88, NSA 130-1 and DoD 5220.22-M).
With separate physical partitions, this is trivial (remove the partitions from hatfield, shred them, verify that they are zeroed out, recreate them, and add them to mccoy).
I don't see how this is possible giving a volume manager control over a single partition hard drive. Maybe there is a way to do this using that method (and maybe, in fact, it is just as easy, if not easier). If this can be done, please enlighten me as to how. I will state again that security is the primary (and secondary, and tertiary) concern(s). |
|
| Back to top |
|
|
frostschutz
Advocate
Joined: 22 Feb 2005
Posts: 2977
Location: Germany
|
| Posted: Thu May 01, 2014 1:59 pm Post subject: |
|
|
shred works happily with Logical Volumes.
shred existing logical volume:
| Code: |
shred -v -n 1 -z /dev/somevg/somelv
sync
cmp /dev/zero /dev/somevg/somelv
EOF on /dev/somevg/somelv
|
shred free (unallocated) space in a volume group:
| Code: |
lvcreate -l100%FREE -n temporary-shred-lv somevg
shred -v -n 1 -z /dev/somevg/temporary-shred-lv
sync
cmp /dev/zero /dev/somevg/temporary-shred-lv
EOF on /dev/somevg/temporary-shred-lv
lvremove somevg/temporary-shred-lv
|
> NIST SP 800-88, NSA 130-1 and DoD 5220.22-M
a single pass is sufficient, the above shred example does already two (one with random data, followed with zeroes)
for better security you might consider encryption |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1741
|
| Posted: Thu May 01, 2014 4:45 pm Post subject: |
|
|
| frostschutz wrote: | shred works happily with Logical Volumes.
shred existing logical volume:
| Code: |
shred -v -n 1 -z /dev/somevg/somelv
sync
cmp /dev/zero /dev/somevg/somelv
EOF on /dev/somevg/somelv
|
|
I don't need to shred a logical volume. I need to shred the space REMOVED from a logical volume.
| frostschutz wrote: | shred free (unallocated) space in a volume group:
| Code: |
lvcreate -l100%FREE -n temporary-shred-lv somevg
shred -v -n 1 -z /dev/somevg/temporary-shred-lv
sync
cmp /dev/zero /dev/somevg/temporary-shred-lv
EOF on /dev/somevg/temporary-shred-lv
lvremove somevg/temporary-shred-lv
|
|
There could be potential here (sorry, I don't really understand the options - I will have to research them). A couple of thoughts comes to mind, though. First, if there were a lot of free space (and say I only needed to transfer a small amount of it), shredding it could take a significant amount of time (much of it unnecessary). Second, if ALL of the free space is going to a temporary volume, doesn't that leave the volume that it came from vulnerable (to writes failing because there is no available space)?
| frostschutz wrote: | | for better security you might consider encryption |
Yes, there will be encryption (but that does not eliminate the necessity of sanitizing the storage media). I have mentioned encryption several times in this thread already. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
