--- /dev/null
+/* libguestfs - the guestfsd daemon
+ * Copyright (C) 2009 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include "daemon.h"
+#include "actions.h"
+
+int
+do_scrub_device (char *device)
+{
+ char *err;
+ int r;
+
+ IS_DEVICE (device, -1);
+
+ r = command (NULL, &err, "scrub", device, NULL);
+ if (r == -1) {
+ reply_with_error ("scrub_device: %s: %s", device, err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
+
+int
+do_scrub_file (char *file)
+{
+ char *buf;
+ int len;
+ char *err;
+ int r;
+
+ NEED_ROOT (-1);
+ ABS_PATH (file, -1);
+
+ /* Make the path relative to /sysroot. */
+ len = strlen (file) + 9;
+ buf = malloc (len);
+ if (!buf) {
+ reply_with_perror ("malloc");
+ return -1;
+ }
+ snprintf (buf, len, "/sysroot%s", file);
+
+ r = command (NULL, &err, "scrub", "-r", buf, NULL);
+ free (buf);
+ if (r == -1) {
+ reply_with_error ("scrub_file: %s: %s", file, err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
+
+int
+do_scrub_freespace (char *dir)
+{
+ char *buf;
+ int len;
+ char *err;
+ int r;
+
+ NEED_ROOT (-1);
+ ABS_PATH (dir, -1);
+
+ /* Make the path relative to /sysroot. */
+ len = strlen (dir) + 9;
+ buf = malloc (len);
+ if (!buf) {
+ reply_with_perror ("malloc");
+ return -1;
+ }
+ snprintf (buf, len, "/sysroot%s", dir);
+
+ r = command (NULL, &err, "scrub", "-X", buf, NULL);
+ free (buf);
+ if (r == -1) {
+ reply_with_error ("scrub_freespace: %s: %s", dir, err);
+ free (err);
+ return -1;
+ }
+
+ free (err);
+
+ return 0;
+}
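Review bot: In do_scrub_file and do_scrub_freespace the guest path is only string-prefixed with `/sysroot` before being passed to `scrub`, so nothing visible in this file confines path resolution to the guest tree. If a component of `file` or `dir` is a symlink with an absolute target inside an untrusted guest image, it would presumably resolve against the daemon's own root, and `scrub -r` would then overwrite and remove a different file than the one named while the intended data stays in place; whether ABS_PATH or scrub itself guards against this cannot be seen here. Consider resolving the path under the sysroot (or running the command chrooted) before the `command` call, and state the chosen behaviour in the comment above the snprintf. Separately, the two functions duplicate the prefixing code with a magic `+ 9` and an `int len`; a small static helper using `size_t len = strlen (path) + sizeof "/sysroot";` would remove both.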
How many blocks are zeroed isn't specified (but it's I<not> enough
to securely wipe the device). It should be sufficient to remove
-any partition tables, filesystem superblocks and so on.");
+any partition tables, filesystem superblocks and so on.
+
+See also: C<guestfs_scrub_device>.");
("grub_install", (RErr, [String "root"; String "device"]), 86, [],
[InitBasicFS, Always, TestOutputTrue (
with flags C<GLOB_MARK|GLOB_BRACE>.
See that manual page for more details.");
+ ("scrub_device", (RErr, [String "device"]), 114, [DangerWillRobinson],
+ [InitNone, Always, TestRun ( (* use /dev/sdc because it's smaller *)
+ [["scrub_device"; "/dev/sdc"]])],
+ "scrub (securely wipe) a device",
+ "\
+This command writes patterns over C<device> to make data retrieval
+more difficult.
+
+It is an interface to the L<scrub(1)> program. See that
+manual page for more details.");
+
+ ("scrub_file", (RErr, [String "file"]), 115, [],
+ [InitBasicFS, Always, TestRun (
+ [["write_file"; "/file"; "content"; "0"];
+ ["scrub_file"; "/file"]])],
+ "scrub (securely wipe) a file",
+ "\
+This command writes patterns over a file to make data retrieval
+more difficult.
+
+The file is I<removed> after scrubbing.
+
+It is an interface to the L<scrub(1)> program. See that
+manual page for more details.");
+
+ ("scrub_freespace", (RErr, [String "dir"]), 116, [],
+ [], (* XXX needs testing *)
+ "scrub (securely wipe) free space",
+ "\
+This command creates the directory C<dir> and then fills it
+with files until the filesystem is full, and scrubs the files
+as for C<guestfs_scrub_file>, and deletes them.
+The intention is to scrub any free space on the partition
+containing C<dir>.
+
+It is an interface to the L<scrub(1)> program. See that
+manual page for more details.");
+
]
let all_functions = non_daemon_functions @ daemon_functions
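Review bot: The three new entries describe the calls as "scrub (securely wipe)" without saying when overwriting in place fails to reach the old data, and the longdesc strings should carry that caveat. Pattern overwrites made through a filesystem are not guaranteed to hit the original blocks on journaling or copy-on-write filesystems, and for a guest the backing image may keep older copies in snapshots or backing files; I would add a sentence such as `Note that overwriting may not destroy data on filesystems or disk image formats that do not write in place.` to each description. Also, `scrub_freespace` is added with an empty test list (`(* XXX needs testing *)`) although it fills the filesystem and its description says it creates `dir`; a TestRun on InitBasicFS like the one for `scrub_file` would at least confirm the call succeeds. The enclosing function list starts outside the hunk.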