Don't leak info from libvirt LVM backed instances

* nova/virt/libvirt/utils.py (remove_logical_volumes): Overwrite each logical volume with zero (clear_logical_volume): LV obfuscation implementation. (logical_volume_size): A utility function used by clear_logical_volume() Fixes bug: 1070539 Change-Id: I4e1024de8dfe9b0be3b0d6437c836d2042862f85
2012-11-23 14:59:13 +00:00 · 2012-11-23 14:59:13 +00:00 · a99a802e00
parent 670b38821c
commit a99a802e00
1 changed files with 44 additions and 0 deletions
--- a/nova/virt/libvirt/utils.py
+++ b/nova/virt/libvirt/utils.py
@ -149,8 +149,52 @@ def list_logical_volumes(vg):
    return [line.strip() for line in out.splitlines()]


+def logical_volume_size(path):
+    """Get logical volume size in bytes.
+
+    :param path: logical volume path
+    """
+    # TODO(p-draigbrady) POssibly replace with the more general
+    # use of blockdev --getsize64 in future
+    out, _err = execute('lvs', '-o', 'lv_size', '--noheadings', '--units',
+                        'b', '--nosuffix', path, run_as_root=True)
+
+    return int(out)
+
+
+def clear_logical_volume(path):
+    """Obfuscate the logical volume.
+
+    :param path: logical volume path
+    """
+    # TODO(p-draigbrady): We currently overwrite with zeros
+    # but we may want to make this configurable in future
+    # for more or less security conscious setups.
+
+    vol_size = logical_volume_size(path)
+    bs = 1024 * 1024
+    remaining_bytes = vol_size
+
+    # The loop caters for versions of dd that
+    # don't support the iflag=count_bytes option.
+    while remaining_bytes:
+        zero_blocks = remaining_bytes / bs
+        seek_blocks = (vol_size - remaining_bytes) / bs
+        zero_cmd = ('dd', 'bs=%s' % bs,
+                    'if=/dev/zero', 'of=%s' % path,
+                    'seek=%s' % seek_blocks, 'count=%s' % zero_blocks)
+        if zero_blocks:
+            utils.execute(*zero_cmd, run_as_root=True)
+        remaining_bytes %= bs
+        bs /= 1024  # Limit to 3 iterations
+
+
 def remove_logical_volumes(*paths):
    """Remove one or more logical volume."""
+
+    for path in paths:
+        clear_logical_volume(path)
+
    if paths:
        lvremove = ('lvremove', '-f') + paths
        execute(*lvremove, attempts=3, run_as_root=True)