paranoia: refuse rm_rf("/")

[elogind.git] / src / cryptsetup / cryptsetup.c

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index f214d60d569fda55c0edadc0ab8359ca9c382666..b26fcca836993c73019f56f351793bf8f8ad3354 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -29,6 +29,7 @@
 
 #include "log.h"
 #include "util.h"
+#include "path-util.h"
 #include "strv.h"
 #include "ask-password-api.h"
 #include "def.h"
@@ -40,6 +41,7 @@ static char *opt_hash = NULL;
 static unsigned opt_tries = 0;
 static bool opt_readonly = false;
 static bool opt_verify = false;
+static bool opt_discards = false;
 static usec_t opt_timeout = DEFAULT_TIMEOUT_USEC;
 
 /* Options Debian's crypttab knows we don't:
@@ -97,6 +99,8 @@ static int parse_one_option(const char *option) {
                 opt_readonly = true;
         else if (streq(option, "verify"))
                 opt_verify = true;
+        else if (streq(option, "allow-discards"))
+                opt_discards = true;
         else if (streq(option, "luks"))
                 opt_type = CRYPT_LUKS1;
         else if (streq(option, "plain") ||
@@ -190,7 +194,8 @@ static char *disk_mount_point(const char *label) {
         if (asprintf(&device, "/dev/mapper/%s", label) < 0)
                 goto finish;
 
-        if (!(f = setmntent("/etc/fstab", "r")))
+        f = setmntent("/etc/fstab", "r");
+        if (!f)
                 goto finish;
 
         while ((m = getmntent(f)))
@@ -312,6 +317,9 @@ int main(int argc, char *argv[]) {
                 if (opt_readonly)
                         flags |= CRYPT_ACTIVATE_READONLY;
 
+                if (opt_discards)
+                        flags |= CRYPT_ACTIVATE_ALLOW_DISCARDS;
+
                 if (opt_timeout > 0)
                         until = now(CLOCK_MONOTONIC) + opt_timeout;
                 else