2009-06-04 10:23:34

Using losetup

==================================================================================
from:

                   MAINTENANCE COMMANDS                   
NAME
losetup - set up and control loop devices

SYNOPSIS
Get info:

losetup loop_device

losetup -a

Delete loop:

losetup -d loop_device

Print name of first unused loop device:

losetup -f

Setup loop device:

losetup [{-e|-E} encryption] [-o offset] [-p pfd] [-r]
{-f|loop_device} file

DESCRIPTION
losetup is used to associate loop devices with regular files or block
devices, to detach loop devices and to query the status of a loop
device. If only the loop_device argument is given, the status of the
corresponding loop device is shown.

Encryption
It is possible to specify transfer functions (for encryption/decryption
or other purposes) using one of the -E and -e options. There are two
mechanisms to specify the desired encryption: by number and by name. If
an encryption is specified by number then one has to make sure that the
Linux kernel knows about the encryption with that number, probably by
patching the kernel. Standard numbers that are always present are 0 (no
encryption) and 1 (XOR encryption). When the cryptoloop module is
loaded (or compiled in), it uses number 18. This cryptoloop module will
take the name of an arbitrary encryption type and find the module that
knows how to perform that encryption. (Thus, either one uses a number
different from 18 with the -E option, or one uses a name with the -e
option.)

OPTIONS
-a Show status of all loop devices.

-d Detach the file or device associated with the specified loop
device.

-E encryption_type
Enable data encryption with specified number.

-e encryption_name
Enable data encryption with specified name.

-f Find the first unused loop device. If a file argument is
present, use this device. Otherwise, print its name.

-o offset
The data start is moved offset bytes into the specified file or
device.

-p num Read the passphrase from file descriptor with number num instead
of from the terminal.

-r Setup read-only loop device.

RETURN VALUE
losetup returns 0 on success, nonzero on failure. When losetup displays
the status of a loop device, it returns 1 if the device is not
configured and 2 if an error occurred which prevented losetup from
determining the status of the device.

FILES
/dev/loop0, /dev/loop1, ... loop devices (major=7)

EXAMPLE
If you are using the loadable module you must have the module loaded
first with the command

# insmod loop.o

Maybe also encryption modules are needed.

# insmod des.o
# insmod cryptoloop.o

The following commands can be used as an example of using the loop
device.

# dd if=/dev/zero of=/file bs=1k count=100
# losetup -e des /dev/loop0 /file
Password:
Init (up to 16 hex digits):
# mkfs -t ext2 /dev/loop0 100
# mount -t ext2 /dev/loop0 /mnt
...
# umount /dev/loop0
# losetup -d /dev/loop0

If you are using the loadable module you may remove the module with the
command

# rmmod loop

RESTRICTION
DES encryption is painfully slow. On the other hand, XOR is terribly
weak.

Cryptoloop is deprecated and unmaintained in 2.6 kernels. Use dm-crypt.
For more details see .

Linux 2003-07-01

==================================================================================
from: http://www.shell-tips.com/2008/07/13/using-losetup-and-dd-to-secure-sensitive-data-encrypted-block-device/

My previous post was made a long time ago, so here is a draft that I finally decided to post. Let’s see how to secure some of your data with an encrypted block device using losetup and dd.

The steps are:

  1. Create an image with dd
  2. Build a new device from the image with an encryption algorithm by using losetup
  3. Format the device using mkfs.ext3
  4. Mount the device and start using it!

Of course, once the device is mounted, your data is readable by anyone who has access to the mounted directory.

Create an image with dd

root@vm-ubuntu-lamp:~# dd if=/dev/zero of=encrypted.img bs=4k count=1000 seek=4001
1000+0 records in
1000+0 records out
4096000 bytes (4,1 MB) copied, 0,10063 seconds, 40,7 MB/s

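We now have a raw image file that uses 4 MB on disk. Because the dd command used seek=4001, the file is sparse: ls reports an apparent size of about 20 MB, while du shows the 4 MB actually allocated.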

root@vm-ubuntu-lamp:~# ls -l encrypted.img
-rw-r--r-- 1 root root 20484096 2008-07-12 13:38 encrypted.img
root@vm-ubuntu-lamp:~# du -hs encrypted.img
4,0M    encrypted.img

Create the encrypted device

root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:
ioctl: LOOP_SET_STATUS: Invalid argument

Oops, something is wrong: our losetup binary isn’t patched to use AES. On Ubuntu/Debian-based systems, this is easy to deal with.

apt-get install loop-aes-utils
root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:
ioctl: LOOP_SET_STATUS: Invalid argument, requested cipher or key length (128 bits) not supported by kernel

Hmm, still not good: we now need to patch or change our kernel to support encryption. We have to check whether the “aes” and “cryptoloop” modules are loaded; if not, we will load them.

root@vm-ubuntu-lamp:~# lsmod | grep aes
root@vm-ubuntu-lamp:~# modprobe aes
root@vm-ubuntu-lamp:~# lsmod | grep aes
aes 28608 0
root@vm-ubuntu-lamp:~# lsmod | grep cryptoloop
root@vm-ubuntu-lamp:~# modprobe cryptoloop
root@vm-ubuntu-lamp:~# lsmod | grep crypto
cryptoloop 4096 0
loop 17928 1 cryptoloop

If you don’t have the modules with your current kernel, you will have to build them by activating the following kernel options.

CONFIG_BLK_DEV_LOOP=m
CONFIG_BLK_DEV_CRYPTOLOOP=m
CONFIG_CRYPTO_AES=m
CONFIG_CRYPTO_AES_586=m

Now we should be OK to load our encrypted image.

root@vm-ubuntu-lamp:~# losetup -e aes /dev/loop0 encrypted.img
Password:

Format the device with a proper filesystem

root@vm-ubuntu-lamp:~# mkfs.ext3 /dev/loop0
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
5016 inodes, 20004 blocks
1000 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=20709376
3 block groups
8192 blocks per group, 8192 fragments per group
1672 inodes per group
Superblock backups stored on blocks:
8193

Writing inode tables: done
Creating journal (1400 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 39 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

Mount the device

This is the easiest step: just use the mount command.

root@vm-ubuntu-lamp:~# mkdir /mnt/encrypted
root@vm-ubuntu-lamp:~# mount /dev/loop0 /mnt/encrypted

root@vm-ubuntu-lamp:~# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 7850996 1346292 6105892 19% /
varrun 63052 40 63012 1% /var/run
varlock 63052 0 63052 0% /var/lock
procbususb 63052 68 62984 1% /proc/bus/usb
udev 63052 68 62984 1% /dev
devshm 63052 0 63052 0% /dev/shm
/dev/loop0 19366 1578 16788 9% /mnt/encrypted

root@vm-ubuntu-lamp:~# df -H
Filesystem             Size   Used  Avail Use% Mounted on
/dev/sda1              8,1G   1,4G   6,3G  19% /
varrun                  65M    41k    65M   1% /var/run
varlock                 65M      0    65M   0% /var/lock
procbususb              65M    70k    65M   1% /proc/bus/usb
udev                    65M    70k    65M   1% /dev
devshm                  65M      0    65M   0% /dev/shm
/dev/loop0              20M   1,7M    18M   9% /mnt/encrypted



==================================================================================
from:

Restore a partimage backup to loopback

  1. You need a file to mount as a HDD device. Using dd, the following will instantly create a file of SIZE gigabytes:
    # dd if=/dev/zero of=myharddisk.img bs=1000 count=0 seek=$((1000*1000*SIZE))
  2. You need to make this file look like a block device (choose a free /dev/loop device):
    # losetup /dev/loop0 myharddisk.img
  3. Start partimage manually from the command line, pointing to your loop device
    # partimage /dev/loop0 backupfile.000
  4. Remove the file from the loop device
    # losetup -d /dev/loop0
  5. Mount the new file on a directory
    # mount myharddisk.img /path/to/dir -o loop
  6. Enjoy the backup's files

Ubuntu Encrypted Loopback Disk

So I have a need for an encrypted disk - as a loop back file. I wrote earlier on how to restore a partimage backup to loopback, so let's see if we can make this work.

  1. We need to tell the kernel how to encrypt disks with a module
    modprobe cryptoloop
  2. Create the loop file (like before, but with urandom to help hide the disk, the count is MB*1000 so in this case 1M)
    dd if=/dev/urandom of=myharddisk.img bs=1000 count=1000 
  3. Create the loopback device (I'm going to use TwoFish)
    losetup -e twofish /dev/loop0 ./myharddisk.img
  4. At this point, you will be asked for a password - create your own
  5. Create the file system of choice (ext3 for me)
    mkfs.ext3 /dev/loop0  
  6. Mount the new loop back point /dev/loop0
    mount /dev/loop0 /mnt/my/mount/point

Enjoy!
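
The first walkthrough above builds its image from /dev/zero, while this one uses /dev/urandom "to help hide the disk". The sketch below is an added example, not code from either post: it counts the blocks of a container file that are still all zero, using constructed 16-block images in which random data stands in for ciphertext written through the loop device (the file names, sizes and function names are assumptions).

```sh
#!/bin/sh
# Added example: what the raw container file reveals about its usage.
# Images are constructed for the demo; blocks of random data stand in
# for ciphertext written through the encrypted loop device.

# Print how many blocks of image $1 (block size $2, default 4096)
# consist only of zero bytes, i.e. have visibly never been written.
zero_blocks() {
    img=$1; bs=${2:-4096}
    total=$(( $(wc -c < "$img") / $bs ))
    i=0; zeros=0
    while [ "$i" -lt "$total" ]; do
        # Strip NUL bytes from one block; nothing left means all zero.
        nonzero=$(dd if="$img" bs="$bs" skip="$i" count=1 2>/dev/null |
                  LC_ALL=C tr -d '\000' | wc -c)
        if [ "$nonzero" -eq 0 ]; then zeros=$(( $zeros + 1 )); fi
        i=$(( $i + 1 ))
    done
    echo "$zeros"
}

# Overwrite the first $2 blocks of container $1 in place with random
# data, simulating encrypted writes without truncating the file.
write_blocks() {
    dd if=/dev/urandom of="$1" bs=4096 count="$2" conv=notrunc 2>/dev/null
}

# Build one zero-filled and one random-filled container of 16 blocks,
# write 3 blocks to each, and report what an observer can still tell.
demo() {
    dir=$(mktemp -d) || return 1
    dd if=/dev/zero    of="$dir/zero.img" bs=4096 count=16 2>/dev/null
    dd if=/dev/urandom of="$dir/rand.img" bs=4096 count=16 2>/dev/null
    write_blocks "$dir/zero.img" 3
    write_blocks "$dir/rand.img" 3
    echo "zero-filled:   $(zero_blocks "$dir/zero.img") of 16 blocks visibly unused"
    echo "random-filled: $(zero_blocks "$dir/rand.img") of 16 blocks visibly unused"
    rm -rf "$dir"
}

demo
```

On the zero-filled image, anyone who can read the file sees that 13 of 16 blocks were never written; the random-filled image gives no such signal.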

==================================================================================
from:


Manual Reference Pages  - LOSETUP (8)

losetup - set up and control loop devices

Get info:

losetup loop_device

losetup -a

Delete loop:

losetup -d loop_device

Print name of first unused loop device:

losetup -f

Setup loop device:

losetup [{-e|-E} encryption] [-o offset] [-p pfd] [-r] {-f[-s]|loop_device} file

losetup is used to associate loop devices with regular files or block devices, to detach loop devices and to query the status of a loop device. If only the loop_device argument is given, the status of the corresponding loop device is shown.

It is possible to specify transfer functions (for encryption/decryption or other purposes) using one of the -E and -e options. There are two mechanisms to specify the desired encryption: by number and by name. If an encryption is specified by number then one has to make sure that the Linux kernel knows about the encryption with that number, probably by patching the kernel. Standard numbers that are always present are 0 (no encryption) and 1 (XOR encryption). When the cryptoloop module is loaded (or compiled in), it uses number 18. This cryptoloop module will take the name of an arbitrary encryption type and finds the module that knows how to perform that encryption.

-a, --all
show status of all loop devices

-d, --detach
detach the file or device associated with the specified loop device

-e, -E, --encryption encryption_type
enable data encryption with specified name or number

-f, --find
find the first unused loop device. If a file argument is present, use this device. Otherwise, print its name.

-h, --help
print help

-k, --keybits num
set the number of bits to use in key to num.

-N, --nohashpass
Do not hash the password. By default, Debian systems run the password through a hash function, non-Debian systems tend not to.

-o, --offset offset
The data start is moved offset bytes into the specified file or device.

-p, --pass-fd num
Read the passphrase from file descriptor with number num instead of from the terminal

-r, --read-only
setup read-only loop device

-s, --show
print device name if the -f option and a file argument are present

-v, --verbose
verbose mode

losetup returns 0 on success, nonzero on failure. When losetup displays the status of a loop device, it returns 1 if the device is not configured and 2 if an error occurred which prevented losetup from determining the status of the device.

/dev/loop0, /dev/loop1, ...   loop devices (major=7)

If you are using the loadable module you must have the module loaded first with the command

# insmod loop.o

Maybe also encryption modules are needed.

# insmod des.o
# insmod cryptoloop.o

The following commands can be used as an example of using the loop device.

# dd if=/dev/zero of=/file bs=1k count=100
# losetup -e des /dev/loop0 /file
Password:
Init (up to 16 hex digits):
# mkfs -t ext2 /dev/loop0 100
# mount -t ext2 /dev/loop0 /mnt
...
# umount /dev/loop0
# losetup -d /dev/loop0

If you are using the loadable module you may remove the module with the command

# rmmod loop

DES encryption is painfully slow. On the other hand, XOR is terribly weak. Both are insecure nowadays. Some ciphers may require a licence for you to be allowed to use them.

Cryptoloop is deprecated in favor of dm-crypt. For more details see cryptsetup(8).
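
The example session above, rebuilt on dm-crypt with cryptsetup as this section recommends. This is an added example, not part of the manual page: the image name, mapping name, mount point, size and the DRY_RUN switch are assumptions, and it assumes a cryptsetup release that provides the open and close actions (older releases use luksOpen and luksClose).

```sh
#!/bin/sh
# Added example: dm-crypt/LUKS counterpart of the cryptoloop session above.
# IMG, NAME, MNT and SIZE_MB are placeholder values chosen for this example.
IMG=${IMG:-encrypted.img}
NAME=${NAME:-encrypted_vol}
MNT=${MNT:-/mnt/encrypted}
SIZE_MB=${SIZE_MB:-20}

# With DRY_RUN=1 each command is printed instead of executed (no root needed).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Attach IMG to the first free loop device and print the device name.
attach() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "losetup -f --show $IMG" >&2
        echo /dev/loopN                      # stand-in name for the dry run
    else
        losetup -f --show "$IMG"
    fi
}

create_volume() {
    # Random prefill, so unused blocks are indistinguishable from ciphertext.
    run dd if=/dev/urandom of="$IMG" bs=1M count="$SIZE_MB" || return 1
    run chmod 600 "$IMG" || return 1
    dev=$(attach) || return 1
    run cryptsetup luksFormat "$dev" || return 1       # asks for a passphrase
    run cryptsetup open "$dev" "$NAME" || return 1     # /dev/mapper/$NAME
    run mkfs.ext3 "/dev/mapper/$NAME" || return 1
    run mkdir -p "$MNT" || return 1
    run mount "/dev/mapper/$NAME" "$MNT"
}

# $1 is the loop device that create_volume attached (see losetup -a).
close_volume() {
    run umount "$MNT" || return 1
    run cryptsetup close "$NAME" || return 1   # removes the key from the kernel
    run losetup -d "$1"
}

case "${1:-}" in
    create) create_volume ;;
    close)  close_volume "${2:?loop device required}" ;;
esac
```

Running it with DRY_RUN=1 prints the command sequence without touching any device, which is a convenient way to review the steps before executing them as root.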

The losetup command is part of the util-linux-ng package and is available from

Linux LOSETUP (8) 2003-07-01
Generated by from /usr/share/man/man8/losetup.8.gz using man macros.
==================================================================================
from: http://en.wikipedia.org/wiki/Loop_device

Loop device

In operating systems, a loop device, vnd (vnode disk), or lofi (loopback file interface) is a pseudo-device that makes a file accessible as a block device.

Before use, a loop device must be connected to an existing file in the filesystem. The association provides the user with an API that allows the file to be used in place of a block special file (cf. device file system). Thus, if the file contains an entire filesystem, the file may then be mounted as if it were a disk device.

Files of this kind are often used for CD ISO images and floppy disc images. Mounting a file containing a filesystem via such a loop mount makes the files within that filesystem accessible. They appear in the mount point directory.

A loop device may allow some kind of data elaboration during this redirection. For example, the device may be the unencrypted version of an encrypted file. In such a case, the file associated with a loop device may be another pseudo-device. This is mostly useful when this device contains an encrypted file system. If supported, the loop device is in this case the decrypted version of the original encrypted file and can therefore be mounted as if it were a normal filesystem.

Examples

Mounting a file on a directory requires two steps:

  1. the file is associated with a loop device node, which is a special file
  2. the loop device is mounted on the directory

These two operations can be performed either using two separate commands, or through special flags to the mount command. The first operation can be executed by a specific command such as losetup[1] in Linux, or lofiadm[2] in SunOS. As an example, if example.img is a regular file containing a filesystem and /home/you/dir is a directory on a Linux box, the superuser can mount the file on the directory by executing the following two commands:

losetup /dev/loop0 example.img
mount /dev/loop0 /home/you/dir

The first command associates the loop device node /dev/loop0 with the regular file example.img. This association can be later destroyed by executing losetup -d /dev/loop0. The second command mounts the device on the directory /home/you/dir. The overall effect of executing these two commands is that the content of the file is used as the whole mounted directory. The system call used by losetup to associate and disassociate files with loop devices is an ioctl on the loop device.

An alternative way of doing the same is to let the mount utility handle the setting up of the loop device:

mount -o loop example.img /home/you/dir

In this case, the mount command performs both the association of the file with the loop device and the mount itself.

At the API level, the association and disassociation of a file with a loop device are done via ioctl's on the loop device. Both losetup and mount therefore use such ioctl's to operate on loop devices. For example, losetup /dev/loop0 example.img opens device /dev/loop0 and performs an ioctl on the resulting file descriptor, passing LOOP_SET_FD as the request number and the string example.img as the third argument.

Uses of loop mounting

After mounting a file containing a filesystem, the files within the filesystem can be accessed through the usual filesystem interface of the operating system, without any need for special functionality, such as reading and writing to ISO images, in applications.

Uses include managing and editing filesystem images meant for later normal use (especially CD or DVD images or installation systems) or permanent segregation of data in actual use (for example simulating removable media on a faster and more convenient hard disk or encapsulating encrypted filesystems).

Availability

Some confusion exists about the naming of the loop device under various operating systems. Various Unix-like operating systems provide the loop device functionality under different names.

In Linux, device names are encoded in the symbol table entries of their corresponding device drivers. The device is called "loop" device and device nodes in the device file system are named /dev/loop0, /dev/loop1, etc. and created by the makedev script. The management user interface for the loop device is losetup and is part of the package.

Sometimes, the loop device is erroneously referred to as 'loopback' device, but this term is reserved for a networking device in the Linux kernel. The concept of the 'loop' device is distinct from that of 'loopback', although similar in name.

In BSD-derived systems, the loop device is called "virtual node device" or "vnd", and generally located at /dev/vnd0, /dev/rvnd0 or /dev/svnd0, etc., in the file system. The vnconfig program is used for configuration.

followed the same conventions as other BSD systems until release version 5, in which the loop device was incorporated into the memory disk driver ("md"). Configuration is now performed using the mdconfig[3] program.

In SunOS, the loop device is called "loopback file interface" or lofi, and located at /dev/lofi/1, etc. SunOS has the lofiadm configuration program.

implements a native image mounting mechanism as part of its random access disk device abstraction. In the user interface it is activated by doubleclicking on the image file name. It can handle disk, CD-ROM or DVD images in various formats.

Loop mounting is not natively available on operating systems. However, the facility is often added using third-party applications such as and . A from can also be used to achieve similar functionality.
