Chinaunix首页 | 论坛 | 博客
  • 博客访问: 918350
  • 博文数量: 132
  • 博客积分: 9976
  • 博客等级: 中将
  • 技术积分: 1781
  • 用 户 组: 普通用户
  • 注册时间: 2007-08-30 20:40
文章分类

全部博文(132)

文章存档

2013年(1)

2011年(1)

2010年(15)

2009年(77)

2008年(36)

2007年(2)

我的朋友

分类:

2009-06-04 10:23:34

losetup 使用

==================================================================================
from:

                   MAINTENANCE COMMANDS                   
NAME
losetup - set up and control loop devices

SYNOPSIS
Get info:

losetup loop_device

losetup -a

Delete loop:

losetup -d loop_device

Print name of first unused loop device:

losetup -f

Setup loop device:

losetup [{-e|-E} encryption] [-o offset] [-p pfd] [-r]
{-f|loop_device} file

DESCRIPTION
losetup is used to associate loop devices with regular files or block
devices, to detach loop devices and to query the status of a loop
device. If only the loop_device argument is given, the status of the
corresponding loop device is shown.

Encryption
It is possible to specify transfer functions (for encryption/decryption
or other purposes) using one of the -E and -e options. There are two
mechanisms to specify the desired encryption: by number and by name. If
an encryption is specified by number then one has to make sure that the
Linux kernel knows about the encryption with that number, probably by
patching the kernel. Standard numbers that are always present are 0 (no
encryption) and 1 (XOR encryption). When the cryptoloop module is
loaded (or compiled in), it uses number 18. This cryptoloop module wil
take the name of an arbitrary encryption type and finds the module that
knows how to perform that encryption. (Thus, either one uses a number
different from 18 with the -E option, or one uses a name with the -e
option.)

OPTIONS
-a Show status of all loop devices.

-d Detach the file or device associated with the specified loop
device.

-E encryption_type
Enable data encryption with specified number.

-e encryption_name
Enable data encryption with specified name.

-f Find the first unused loop device. If a file argument is
present, use this device. Otherwise, print its name.

-o offset
The data start is moved offset bytes into the specified file or
device.

-p num Read the passphrase from file descriptor with number num instead
of from the terminal.

-r Setup read-only loop device.

RETURN VALUE
losetup returns 0 on success, nonzero on failure. When losetup displays
the status of a loop device, it returns 1 if the device is not config-
ured and 2 if an error occurred which prevented losetup from determin-
ing the status of the device.

FILES
/dev/loop0, /dev/loop1, ... loop devices (major=7)

EXAMPLE
If you are using the loadable module you must have the module loaded
first with the command

# insmod loop.o

Maybe also encryption modules are needed.

# insmod des.o # insmod cryptoloop.o

The following commands can be used as an example of using the loop
device.

# dd if=/dev/zero of=/file bs=1k count=100
# losetup -e des /dev/loop0 /file
Password:
Init (up to 16 hex digits):
# mkfs -t ext2 /dev/loop0 100
# mount -t ext2 /dev/loop0 /mnt
...
# umount /dev/loop0
# losetup -d /dev/loop0

If you are using the loadable module you may remove the module with the
command

# rmmod loop

RESTRICTION
DES encryption is painfully slow. On the other hand, XOR is terribly
weak.

Cryptoloop is deprecated and unmaintained in 2.6 kernels. Use dm-crypt.
For more details see .

Linux 2003-07-01

==================================================================================
from: http://www.shell-tips.com/2008/07/13/using-losetup-and-dd-to-secure-sensitive-data-encrypted-block-device/

My previous post was made a long time ago, so here is a draft that I finally decide to post. Let’s see how to secure some of your data with an encrypted block device using losetup and dd.

Steps will be :

  1. Create an image with dd
  2. Build a new device using the image with an encrypt algorythm by using losetup
  3. Format the device using mkfs.ext3
  4. Mount the device and start using it !

Of course, when you have mounted the device, your data are readable to anyone who have access to the mounted directory.

Create an image with dd

root@vm-ubuntu-lamp:~# dd if=/dev/zero of=encrypted.img bs=4k count=1000 seek=4001
1000+0 records in
1000+0 records out
4096000 bytes (4,1 MB) copied, 0,10063 seconds, 40,7 MB/s

We now have a raw image file using 4MB.

root@vm-ubuntu-lamp:~# ls -l encrypted.img
-rw-r–r– 1 root root 20484096 2008-07-12 13:38 encrypted.img
root@vm-ubuntu-lamp:~# du -hs encrypted.img
4,0M    encrypted.img

Create the encrypted device

root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:
ioctl: LOOP_SET_STATUS: Invalid argument

Ooops.. Something wrong. Our losetup bin isn’t patched to use AES. On ubuntu/debian based OS, it’s is to deal.

apt-get install loop-aes-utils
root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (128 bits) not supported by kernel

Hmm.. Still not good, we need now to patch or change our kernel for support encryption. We have to check if the “aes” and “cryptoloop” modules are loaded, if not we will load them.

root@vm-ubuntu-lamp:~# lsmod | grep aes
root@vm-ubuntu-lamp:~# modprobe aes
root@vm-ubuntu-lamp:~# lsmod | grep aes
aes 28608 0
root@vm-ubuntu-lamp:~# lsmod | grep cryptoloop
root@vm-ubuntu-lamp:~# modprobe cryptoloop
root@vm-ubuntu-lamp:~# lsmod | grep crypto
cryptoloop 4096 0
loop 17928 1 cryptoloop

If you don’t have the module with your current kernel, you will have to build it by activate the some kernel options.

CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_AES_586=m

Now we should be ok to load our encrypted image.
root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:

Format the device with a proper filesystem

root@vm-ubuntu-lamp:~# mkfs.ext3 /dev/loop0
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
5016 inodes, 20004 blocks
1000 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=20709376
3 block groups
8192 blocks per group, 8192 fragments per group
1672 inodes per group
Superblock backups stored on blocks:
8193

Writing inode tables: done
Creating journal (1400 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 39 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

Mount the device

Easiest step, just have to use the mount command.

root@vm-ubuntu-lamp:~# mkdir /mnt/encrypted
root@vm-ubuntu-lamp:~# mount /dev/loop0 /mnt/encrypted

root@vm-ubuntu-lamp:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 7850996 1346292 6105892 19% /
varrun 63052 40 63012 1% /var/run
varlock 63052 0 63052 0% /var/lock
procbususb 63052 68 62984 1% /proc/bus/usb
udev 63052 68 62984 1% /dev
devshm 63052 0 63052 0% /dev/shm
/dev/loop0 19366 1578 16788 9% /mnt/encrypted

root@vm-ubuntu-lamp:~# df -H
Filesystem             Size   Used  Avail Use% Mounted on
/dev/sda1              8,1G   1,4G   6,3G  19% /
varrun                  65M    41k    65M   1% /var/run
varlock                 65M      0    65M   0% /var/lock
procbususb              65M    70k    65M   1% /proc/bus/usb
udev                    65M    70k    65M   1% /dev
devshm                  65M      0    65M   0% /dev/shm
/dev/loop0              20M   1,7M    18M   9% /mnt/encrypted

If you want to go further on this subject :


==================================================================================
from:

Restore a partimage backup to loopback

  1. You need a file to mount as a HDD device - using DD, the following will instantly create a file of SIZE Gigabytes:
    # dd if=/dev/zero of=myharddisk.img bs=1000 count=0 seek=$[1000*1000*SIZE]
  2.  You need to make this file look like a block device (Choose a free /dev/loop device):
    # losetup /dev/loop0 myharddisk.img
  3. Start partimage manually from the command line, pointing to your loop device
    # partimage /dev/loop0 backupfile.000
  4. Remove the file from the loop device
    # losetup -d /dev/loop0
  5. Mount the new file on a directory
    # mount myharddisk.img /path/to/dir -o loop
  6. Enjoy the backup's files

Ubuntu Encrypted Loopback Disk

So I have a need for a encrypted disk - as a loop back file. I wrote earlier on how to restore a partimage backup to loopback, so lets see if we can make this work.

  1. We need to tell the kernal how to encrypt disks with a module
    modprobe cryptoloop
  2. Create the loop file (like before, but with urandom to help hide the disk, the count is MB*1000 so in this case 1M)
    dd if=/dev/urandom of=myharddisk.img bs=1000 count=1000 
  3. Create the loopback device (I'm going to use TwoFish)
    losetup -e twofish /dev/loop0 ./myharddisk.img
  4. At this point, you will be asked for a password - create your own
  5. Create the file system of choice (ext3 for me)
    mkfs.ext3 /dev/loop0  
  6. Mount the new loop back point /dev/loop0
    mount /dev/loop0 /mnt/my/mount/point

Enjoy!

==================================================================================
from:


Manual Reference Pages  - LOSETUP (8)

losetup - set up and control loop devices

CONTENTS









Get info:

losetup loop_device

losetup -a

Delete loop:

losetup -d loop_device

Print name of first unused loop device:

losetup -f

Setup loop device:

losetup [{-e|-E} encryption] [-o offset] [-p pfd] [-r] {-f[-s]|loop_device} file

losetup is used to associate loop devices with regular files or block devices, to detach loop devices and to query the status of a loop device. If only the loop_device argument is given, the status of the corresponding loop device is shown.

It is possible to specify transfer functions (for encryption/decryption or other purposes) using one of the -E and -e options. There are two mechanisms to specify the desired encryption: by number and by name. If an encryption is specified by number then one has to make sure that the Linux kernel knows about the encryption with that number, probably by patching the kernel. Standard numbers that are always present are 0 (no encryption) and 1 (XOR encryption). When the cryptoloop module is loaded (or compiled in), it uses number 18. This cryptoloop module will take the name of an arbitrary encryption type and finds the module that knows how to perform that encryption.
-a, --all show status of all loop devices
-d, --detach detach the file or device associated with the specified loop device
-e, -E, --encryption encryption_type enable data encryption with specified name or number
-f, --find find the first unused loop device. If a file argument is present, use this device. Otherwise, print its name.
-h, --help print help
-k, --keybits num set the number of bits to use in key to num.
-N, --nohashpass Do not hash the password. By default, Debian systems run the password through a hash function, non-Debian systems tend not to.
-o, --offset offset The data start is moved offset bytes into the specified file or device.
-p, --pass-fd num Read the passphrase from file descriptor with number num instead of from the terminal
-r, --read-only setup read-only loop device
-s, --show print device name if the -f option and a file argument are present
-v, --verbose verbose mode

losetup returns 0 on success, nonzero on failure. When losetup displays the status of a loop device, it returns 1 if the device is not configured and 2 if an error occurred which prevented losetup from determining the status of the device.

/dev/loop0, /dev/loop1, ...   loop devices (major=7)

If you are using the loadable module you must have the module loaded first with the command

# insmod loop.o
Maybe also encryption modules are needed.

# insmod des.o # insmod cryptoloop.o
The following commands can be used as an example of using the loop device.


# dd if=/dev/zero of=/file bs=1k count=100 # losetup -e des /dev/loop0 /file Password: Init (up to 16 hex digits): # mkfs -t ext2 /dev/loop0 100 # mount -t ext2 /dev/loop0 /mnt ... # umount /dev/loop0 # losetup -d /dev/loop0
If you are using the loadable module you may remove the module with the command

# rmmod loop
DES encryption is painfully slow. On the other hand, XOR is terribly weak. Both are insecure nowadays. Some ciphers may require a licence for you to be allowed to use them.

Cryptoloop is deprecated in favor of dm-crypt. For more details see cryptsetup(8).

The losetup command is part of the util-linux-ng package and is available from
Jump to page    or go to  |   |  .

Linux LOSETUP (8) 2003-07-01
Generated by from /usr/share/man/man8/losetup.8.gz using man macros.
==================================================================================
from: http://en.wikipedia.org/wiki/Loop_device

Loop device

From Wikipedia, the free encyclopedia

Jump to: navigation, search

In operating systems, a loop device, vnd (vnode disk), or lofi (loopback file interface) is a pseudo-device that makes a accessible as a block device.

Before use, a loop device must be connected to an existing file in the filesystem. The association provides the user with an that allows the file to be used in place of a block special file (cf. device file system). Thus, if the file contains an entire , the file may then be as if it were a disk device.

Files of this kind are often used for CD ISO images and floppy disc images. Mounting a file containing a filesystem via such a loop mount makes the files within that filesystem accessible. They appear in the directory.

A loop device may allow some kind of data elaboration during this redirection. For example, the device may be the unencrypted version of an encrypted file. In such a case, the file associated with a loop device may be another pseudo-device. This is mostly useful when this device contains an encrypted file system. If supported, the loop device is in this case the decrypted version of the original encrypted file and can therefore be mounted as if it were a normal filesystem.

Contents
[hide]
1 Examples
2 Uses of loop mounting
3 Availability
4 See also
5 References
6 External links

[edit] Examples

Mounting a file on a directory requires two steps:

  1. the file is associated with a loop device node, which is a special file
  2. the loop device is mounted on the directory

These two operations can be performed either using two separate commands, or through special flags to the mount command. The first operation can be executed by a specific command such as losetup[1] in , or lofiadm[2] in SunOS. As an example, if example.img is a regular file containing a filesystem and /home/you/dir is a directory on a Linux box, the can mount the file on the directory by executing the following two commands:

losetup /dev/loop0 example.img
mount /dev/loop0 /home/you/dir

The first command associates the loop device node /dev/loop0 with the regular file example.img. This association can be later destroyed by executing losetup -d /dev/loop0. The second command mounts the device on the directory /home/you/dir. The overall effect of executing these two commands is that the content of the file is used as the whole mounted directory. The system call used by losetup to associate and disassociate files with loop devices is an on the loop device.

An alternative way of doing the same is to let the mount utility handle the setting up of the loop device:

mount -o loop example.img /home/you/dir

In this case, the mount command performs both the association of the file with the loop device and the mount itself.

At the level of , the association and disassociation of a file with a loop device are done via 's on the loop device. Both losetup and mount therefore use such ioctl's to operate on loop devices. For example, losetup /dev/loop0 example.img opens device /dev/loop0 and performs an ioctl on the resulting file descriptor, passing LOOP_SET_FD as the request number and the string example.img as the third argument.

[edit] Uses of loop mounting

After mounting a file containing a filesystem, the files within the filesystem can be accessed through the usual filesystem interface of the operating system, without any need for special functionality, such as reading and writing to ISO images, in applications.

Uses include managing and editing filesystem images meant for later normal use (especially CD or DVD images or installation systems) or permanent segregation of data in actual use (for example simulating removable media on a faster and more convenient hard disk or encapsulating encrypted filesystems).

[edit] Availability

Some confusion exists about the naming of the loop device under various operating systems. Various Unix-like operating system provide the loop device functionality under different names.

In Linux, device names are encoded in the symbol table entries of their corresponding device drivers. The device is called "loop" device and device nodes in the device file system are named /dev/loop0, /dev/loop1, etc. and created by the makedev script. The management user interface for the loop device is losetup and is part of the package.

Sometimes, the loop device is erroneously referred to as 'loopback' device, but this term is reserved for a networking device in the Linux kernel (cf. ). The concept of the 'loop' device is distinct from that of 'loopback', although similar in name.

In BSD-derived systems, such as and , the loop device is called "virtual node device" or "vnd", and generally located at /dev/vnd0, /dev/rvnd0 or /dev/svnd0, etc., in the file system. The vnconfig program is used for configuration.

followed the same conventions as other BSD systems until release version 5, in which the loop device was incorporated into the memory disk driver ("md"). Configuration is now performed using the mdconfig[3] program.

In SunOS, the loop device is called "loopback file interface" or lofi, and located at /dev/lofi/1, etc. SunOS has the lofiadm configuration program.

implements a native image mounting mechanism as part of its random access disk device abstraction. In the user interface it is activated by doubleclicking on the image file name. It can handle disk, CD-ROM or DVD images in various formats.

Loop mounting is not natively available on operating systems. However, the facility is often added using third-party applications such as and . A from can also be used to achieve similar functionality.

[edit] See also

[edit] References

  1. ^
  2. ^
  3. ^

[edit] External links


==================================================================================
from:


==================================================================================
from:


==================================================================================
from:


阅读(3878) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~