>> "That can be done manually" does not get you the check mark in
>> the list of features. Management wants idiot-resistant security.
>
> It has nothing to do with idiot-resistance. Why should this multi-write
> operation be done in kernel ? mkswap is a usermode program. mkfs is a
> usermode program. If you want to have a wipeswap script that copies a
> chunk of your /dev/zero to the swap, it should also be in usermode. Just
> run it in wherever rc file you use to swapoff.
And when I type 'swapoff' at the command line the whole scheme fails
unless I am a perfect robot sysadmin and always remember to wipe the
file. This needs to 'fail safe' and it needs to be done within the kernel
to be considered a working feature.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/