keyfile-erase only erases a key file explicitly configured in the third
field of crypttab. Key files automatically discovered in
/etc/cryptsetup-keys.d/ and /run/cryptsetup-keys.d/ are considered shared
resources not owned by an individual volume, and are never erased. Make
this explicit in the documentation and add a code comment clarifying the
intent.
Fixes: https://github.com/systemd/systemd/issues/41127
Co-developed-by: Claude Opus 4.8 <noreply@anthropic.com>
activation (e.g. via a file in <filename>/run/</filename>, generated by a service running before
activation), and shall be removed after use. Defaults to off.</para>
+ <para>Note that this option only applies to a key file explicitly configured in the third field, and
+ has no effect on key files that are automatically discovered in
+ <filename>/etc/cryptsetup-keys.d/</filename> and <filename>/run/cryptsetup-keys.d/</filename>. The
+ latter are considered shared resources that are not owned by an individual volume, and hence are never
+ erased. To erase an automatically discovered key file, configure its path explicitly in the third
+ field.</para>
+
<xi:include href="version-info.xml" xpointer="v246"/></listitem>
</varlistentry>
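Review bot: the unchanged sentence just above the new paragraph ("e.g. via a file in /run/, generated by a service running before activation") still reads as if any one-shot key file under /run/ will be removed, which is exactly the case the new paragraph carves out when that file lives in /run/cryptsetup-keys.d/. Consider qualifying that earlier example, for instance "via a file in /run/ (outside the auto-discovery directories listed below)", so a reader following the first sentence does not conclude that an auto-discovered key in /run/cryptsetup-keys.d/ will be erased. Otherwise the placement before the `version-info` include is right, and keeping `v246` is correct since this documents existing behaviour rather than a change.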
/* A delicious drop of snake oil */
(void) safe_mlockall(MCL_CURRENT|MCL_FUTURE|MCL_ONFAULT);
+ /* Only erase key files explicitly configured on the command line, never the ones we
+ * auto-discover in /etc/cryptsetup-keys.d/ and /run/cryptsetup-keys.d/: those are shared
+ * resources not owned by an individual volume. (key_file is NULL when auto-discovery is used.) */
if (key_file && arg_keyfile_erase)
destroy_key_file = key_file; /* let's get this baby erased when we leave */
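Review bot: the new comment says "explicitly configured on the command line" while the documentation hunk and the commit message speak of the third field of crypttab; a reader of cryptsetup.c alone cannot tell these are the same thing. Suggest aligning the wording, e.g. "Only erase a key file passed explicitly as an argument (i.e. the third crypttab field), never the ones we auto-discover ...", so the two hunks describe the same condition. The parenthetical "(key_file is NULL when auto-discovery is used.)" is the useful part, since it documents the invariant the `if (key_file && arg_keyfile_erase)` check relies on; keep it, and it would be worth stating it near where `key_file` is assigned as well so the two places cannot drift apart.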