Description of problem:

The loopback device has a LO_FLAGS_AUTOCLEAR flag. libvirt LXC uses loop devices with LO_FLAGS_AUTOCLEAR so that when the container exits, releasing its mount namespaces, the loop device gets automatically destroyed by the kernel.

With dm-crypt some administrative process in userspace has to go around cleaning up devices after the container has stopped. I'd really like to have some way to mark dm-crypt devices to be autodestroyed when their last usage is released (whether an open FD to the device or a mount of the device).

Off the top of my head, something along the lines of

  # cryptsetup luksOpen /dev/sdd1 mydev
  # mount /dev/mapper/mydev /mnt/containerfoo
  # cryptsetup luksAutoClose mydev
  .....time passes...
  # umount /mnt/containerfoo
  .... kernel automatically does equivalent of 'cryptsetup luksClose mydev'

If there are other ways to achieve the same end result, I'm open to proposals.

Also, if the LUKS device is on top of a loop device, the auto-close of the LUKS device should in turn trigger release of the loop device, though this quite possibly happens already.

Version-Release number of selected component (if applicable):
cryptsetup-1.5.0-1.fc17.x86_64

(In reply to comment #0)
> Also, if the LUKS device is on top of a loop device, the auto-close of the
> LUKS device should in turn trigger release of the loop device, though this
> quite possibly happens already.

That's how it has worked from the beginning (for all loops allocated by cryptsetup).

So this is similar to losetup use: losetup -d on a used loop will set the autoclear flag (with recent kernels).

But this must be implemented in the in-kernel device-mapper first; I'll clone the bug for it.

Since cryptsetup 2.x (Fedora 28+) there is a CLI option --deferred for the close/remove/luksClose command, and the libcryptsetup call crypt_deactivate_by_name() with the flag CRYPT_DEACTIVATE_DEFERRED, which should provide the auto-delete option. The loop devices underneath are deactivated automatically as well.

(This option cannot be backported to older cryptsetup releases, though.)
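
The sequence requested in the original report, written with the --deferred option named in the last comment, as an added example (not code from this bug thread or from the cryptsetup project). The function names and the RUN switch are hypothetical helpers; the version check assumes `cryptsetup --version` prints a line starting with "cryptsetup X.Y.Z" and uses the "2.x" threshold stated above.

```shell
#!/bin/sh
# Added example: open a LUKS device, mount it, then mark the mapping for
# deferred removal so it disappears once the last user (the mount) is gone.
# Device, mapping name and mount point are the ones used in the report.

# Succeeds if a `cryptsetup --version` line reports major version >= 2,
# the release series the thread says introduced --deferred.
supports_deferred() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^cryptsetup \([0-9][0-9]*\)\..*/\1/p')
    [ -n "$ver" ] && [ "$ver" -ge 2 ]
}

# Hypothetical helper: run the command when RUN=1, otherwise print it (dry run).
step() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

open_mount_autoclose() {
    dev=$1 name=$2 mnt=$3
    step cryptsetup open "$dev" "$name" || return 1
    # If the mount fails nothing holds the mapping, so close it right away
    # instead of leaving decrypted access behind.
    step mount "/dev/mapper/$name" "$mnt" || {
        step cryptsetup close "$name"
        return 1
    }
    # The mapping is busy (mounted), so removal is only scheduled here.
    # It stays active and readable until the final umount or close of the FD.
    step cryptsetup close --deferred "$name"
}

# Dry run by default: prints the plan. Set RUN=1 (as root) to execute it,
# which first requires a cryptsetup new enough to know --deferred.
if [ "${RUN:-0}" != 1 ] || supports_deferred "$(cryptsetup --version 2>/dev/null)"; then
    open_mount_autoclose /dev/sdd1 mydev /mnt/containerfoo
else
    echo "cryptsetup older than 2.x: no --deferred, close the mapping manually" >&2
fi
```

After the later `umount /mnt/containerfoo`, `dmsetup info mydev` should report that the device no longer exists.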