Bug 873686

Summary: RFE: Provide a way to mark a dm-crypt device as "auto delete"
Product: [Fedora] Fedora
Component: cryptsetup
Version: rawhide
Status: CLOSED RAWHIDE
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Daniel Berrangé <berrange>
Assignee: Milan Broz <gmazyland>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: agk, gmazyland, okozina
Keywords: FutureFeature
Doc Type: Enhancement
Type: Bug
Last Closed: 2018-04-04 07:03:05 UTC
Bug Depends On: 873734

Description Daniel Berrangé 2012-11-06 13:42:55 UTC
Description of problem:
The loop back device has a LO_FLAGS_AUTOCLEAR flag. libvirt LXC uses loop
devices with LO_FLAGS_AUTOCLEAR so that when the container exits, releasing
its mount namespaces, the loop device gets automatically destroyed by the 
kernel. With dm-crypt some administrative process in userspace has to go
around cleaning up devices after the container has stopped. I'd really like
to have some way to mark dm-crypt devices to be autodestroyed when their
last usage is released (whether an open FD to the device or a mount of the
device).

Off the top of my head, something along the lines of

 # cryptsetup luksOpen /dev/sdd1 mydev
 # mount /dev/mapper/mydev /mnt/containerfoo
 # cryptsetup luksAutoClose mydev

  .....time passes...

 # umount /mnt/containerfoo

  .... kernel automatically does equivalent of 'cryptsetup luksClose mydev'

If there are other ways to achieve the same end result, I'm open to proposals.

Also, if the LUKS device is on top of a loop device, the auto-close of the LUKS
device should in turn trigger release of the loop device, though this quite
possibly happens already.

Version-Release number of selected component (if applicable):
cryptsetup-1.5.0-1.fc17.x86_64

Comment 1 Milan Broz 2012-11-06 15:31:31 UTC
(In reply to comment #0)
> Also, if the LUKS device is on top of a loop device, the auto-close of the
> LUKS device should in turn trigger release of the loop device, though this
> quite possibly happens already.

That's how it works from the beginning (for all loops allocated by cryptsetup).

So this is similar to losetup use: losetup -d on a used loop will set the autoclear flag (with recent kernels).

But this must be implemented in the in-kernel device-mapper first, I'll clone the bug for it.

Comment 2 Milan Broz 2018-04-04 07:03:05 UTC
Since cryptsetup 2.x (Fedora 28+) there is a CLI option --deferred for the close/remove/luksClose command and a libcryptsetup call crypt_deactivate_by_name() with the flag CRYPT_DEACTIVATE_DEFERRED that should provide the auto delete option.

The loop devices underneath are deactivated automatically as well.

(This option cannot be backported to older cryptsetup releases though.)
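
The workflow requested in the description, written with the `--deferred` option from comment 2. This is an added example, not part of the bug report or of cryptsetup itself; the helper names (`run`, `open_with_autoclose`, `mapping_gone`), the `DRY_RUN` switch and the device, mapping and mount point arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: needs cryptsetup 2.x (for --deferred) and root, unless
# DRY_RUN=1 is set, in which case the commands are only printed.

# run: execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# open_with_autoclose DEVICE NAME MOUNTPOINT
# Opens the LUKS device, mounts it, then schedules removal of the mapping
# for the moment its last user (here: the mount) goes away.
open_with_autoclose() {
    dev=$1 name=$2 mnt=$3
    run cryptsetup open --type luks "$dev" "$name" || return 1
    if ! run mount "/dev/mapper/$name" "$mnt"; then
        # Nothing holds the mapping yet, so close it right away instead of
        # leaving an unlocked device behind.
        run cryptsetup close "$name"
        return 1
    fi
    # The mapping is busy (mounted): --deferred marks it for removal on
    # last close instead of failing with "device busy".
    run cryptsetup close --deferred "$name"
}

# mapping_gone NAME: succeeds once the mapping node no longer exists,
# e.g. after the final umount of a deferred-close device.
mapping_gone() {
    [ ! -e "/dev/mapper/$1" ]
}
```

After `open_with_autoclose /dev/sdd1 mydev /mnt/containerfoo`, a later `umount /mnt/containerfoo` is the only cleanup step left; `mapping_gone mydev` can confirm that the mapping was removed.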