Index: trunk/packages/invirt-remote/debian/changelog =================================================================== --- trunk/packages/invirt-remote/debian/changelog (revision 1986) +++ trunk/packages/invirt-remote/debian/changelog (revision 1987) @@ -1,2 +1,9 @@ +invirt-remote (0.3.0) unstable; urgency=low + + * Instead of immediately deleting LVs, overwrite them with zeros to + avoid leaking information from one VM to another. + + -- Evan Broder Wed, 21 Jan 2009 02:57:30 -0500 + invirt-remote (0.2.2) unstable; urgency=low Index: trunk/packages/invirt-remote/host/usr/sbin/invirt-lvm =================================================================== --- trunk/packages/invirt-remote/host/usr/sbin/invirt-lvm (revision 1986) +++ trunk/packages/invirt-remote/host/usr/sbin/invirt-lvm (revision 1987) @@ -2,5 +2,8 @@ import sys -import os.path +import time +import os +import random +import string from subprocess import call, PIPE, Popen from invirt.config import structs as config @@ -45,18 +48,29 @@ print >>sys.stderr, "Error removing LV %s\n" % lvname sys.exit(1) - # I know this is the wrong answer, but sometimes the first - # lvchange -a n fails for no particularly good reason, so this is - # a pretty good workaround - call(["/sbin/lvchange", "-a", "n", lvpath]) - rv = call(["/sbin/lvchange", "-a", "n", lvpath]) - if rv != 0: - error() - rv = call(["/sbin/lvchange", "-a", "ey", lvpath]) - if rv != 0: - error() - rv = call(["/sbin/lvremove", "--force", lvpath]) - if rv != 0: - error() + + # Rename the LV to something else so we can wipe it before reusing + # the space + while True: + new_lvname = "old_%s_%s" % (lvname, ''.join(random.choice(string.ascii_letters) for i in xrange(6))) + new_lvpath = "/dev/%s/%s" % (vg, new_lvname) + p = Popen(["/sbin/lvrename", lvpath, new_lvpath], stdout=PIPE, stderr=PIPE) + rv = p.wait() + if rv == 5 and 'already exists in volume group' in p.stderr.read(): + continue + elif rv != 0: + error() + else: + break ensureoff(machine) + + # Fork. The child process wipes the LV and then deletes + # it. There's not really anything sane to do with errors (since + # this is running non-interactively), so let's just drop them on + # the floor for now. + if os.fork() == 0: + call(["/bin/dd", "if=/dev/zero", "of=%s" % new_lvpath]) + call(["/sbin/lvchange", "-a", "n", new_lvpath]) + call(["/sbin/lvchange", "-a", "ey", new_lvpath]) + call(["/sbin/lvremove", "--force", new_lvpath]) elif subcommand == "lvresize": size = sys.argv[4] @@ -86,4 +100,3 @@ print >>sys.stderr, "Error creating LV %s\n" %(lvname,) sys.exit(1) -