cryptenroll: Lock memory pages before operating on the device
authorGabríel Arthúr Pétursson <gabriel.petursson@marel.com>
Thu, 4 Jan 2024 08:34:40 +0000 (08:34 +0000)
committerGabríel Arthúr Pétursson <gabriel.petursson@marel.com>
Thu, 1 Feb 2024 12:20:02 +0000 (12:20 +0000)
This is what systemd-cryptsetup does. We will be unlocking the device,
working with sensitive cryptographic material as well.

src/cryptenroll/cryptenroll.c

index e1fdc3f5f02448099185f2bd19da9a8fd38c6de1..0674116ec8c441a6725e256bfbd9e2b6dbc4d546 100644 (file)
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 
 #include <getopt.h>
+#include <sys/mman.h>
 
 #include "ask-password-api.h"
 #include "build.h"
@@ -706,6 +707,9 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
+        /* A delicious drop of snake oil */
+        (void) mlockall(MCL_FUTURE);
+
         cryptsetup_enable_logging(NULL);
 
         if (arg_enroll_type < 0)
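Review bot: The added `(void) mlockall(MCL_FUTURE);` in run() locks only mappings created after the call, so pages already mapped by then (stack, and heap touched by the earlier setup whose result is checked just above) stay swappable and may later hold key material. Because the return value is discarded, a failure such as one caused by a low RLIMIT_MEMLOCK leaves the process unlocked with no trace. Consider `if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0) log_debug_errno(errno, "Failed to lock memory, ignoring: %m");` if the memlock limit permits locking current pages, or at least log the failure at debug level. The comment would serve maintainers better if it stated the intent and its limits, e.g. `/* Best effort: keep passphrases and key material from being paged out to swap; does not cover pages mapped earlier or suspend-to-disk */`. run() starts and continues outside this hunk.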