X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcryptsetup%2Fcryptsetup.c;h=38930aee072b69ffd0884006419a4cf25a7c98bb;hp=15dea7b65b47b1c25ad2bfbf4bac312b5b51b0aa;hb=05f73ad22b85270c7db4ff7cbb6da852ad71d4c1;hpb=7376e835289a3f97174a641a1ca4b7dbda997030;ds=sidebyside

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 15dea7b65..38930aee0 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -69,7 +69,7 @@ static int parse_one_option(const char *option) {
         assert(option);
 
         /* Handled outside of this tool */
-        if (streq(option, "noauto") || streq(option, "nofail"))
+        if (STR_IN_SET(option, "noauto", "auto", "nofail", "fail"))
                 return 0;
 
         if (startswith(option, "cipher=")) {
@@ -624,8 +624,10 @@ int main(int argc, char *argv[]) {
 
                         /* Ideally we'd do this on the open fd, but since this is just a
                          * warning it's OK to do this in two steps. */
-                        if (stat(key_file, &st) >= 0 && (st.st_mode & 0005))
-                                log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                        if (stat(key_file, &st) >= 0 && (st.st_mode & 0005)) {
+                                if(!STR_IN_SET(key_file, "/dev/urandom", "/dev/random", "/dev/hw_random"))
+                                    log_warning("Key file %s is world-readable. This is not a good idea!", key_file);
+                        }
                 }
 
                 for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {