
Copying the Root Directory Files

  1. Format /dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2.
    [root@kvm7 ~]# mkfs.xfs /dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2 -f
    meta-data=/dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2 isize=512    agcount=4, agsize=130944 blks
             =                       sectsz=512   attr=2, projid32bit=1
             =                       crc=1        finobt=0, sparse=0
    data     =                       bsize=4096   blocks=523776, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
    log      =internal log           bsize=4096   blocks=2560, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0
    
  2. Create the mount directory /sysroot and mount /dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2 on it.
    [root@kvm7 ~]# mkdir /sysroot
    [root@kvm7 ~]# mount /dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2 /sysroot/
    [root@kvm7 ~]# ll /sysroot
    total 0
    
  3. Copy the / root filesystem to the LUKS mount directory /sysroot.
    [root@kvm7 ~]# cp -axZ / /sysroot/
    [root@kvm7 ~]# ll /sysroot/
    total 20
    lrwxrwxrwx.  1 root root    7 Jul 10  2018 bin -> usr/bin
    dr-xr-xr-x.  2 root root    6 May 20  2019 boot
    drwxr-xr-x.  2 root root    6 Dec  4 19:51 dev
    drwxr-xr-x. 89 root root 8192 Dec  4 21:29 etc
    drwxr-xr-x.  2 root root    6 Jun 10 21:09 home
    lrwxrwxrwx.  1 root root    7 Jul 10  2018 lib -> usr/lib
    lrwxrwxrwx.  1 root root    9 Jul 10  2018 lib64 -> usr/lib64
    drwx------.  2 root root    6 Jul 10  2018 lost+found
    drwxr-xr-x.  2 root root    6 Apr 11  2018 media
    drwxr-xr-x.  2 root root    6 Dec  4 16:33 misc
    drwxr-xr-x.  5 root root   46 Oct 24 19:51 mnt
    drwxr-xr-x.  2 root root    6 Dec  4 16:33 net
    drwxr-xr-x.  2 root root    6 Apr 11  2018 opt
    dr-xr-xr-x.  2 root root    6 Sep  1 17:20 proc
    dr-xr-x---.  5 root root 4096 Dec  4 19:23 root
    drwxr-xr-x.  2 root root    6 Dec  4 19:19 run
    lrwxrwxrwx.  1 root root    8 Jul 10  2018 sbin -> usr/sbin
    drwxr-xr-x.  2 root root    6 Apr 11  2018 srv
    dr-xr-xr-x.  2 root root    6 Sep  1 17:20 sys
    drwxr-xr-x.  2 root root    6 Dec  4 20:04 sysroot
    drwxrwxrwt. 12 root root 4096 Dec  4 21:43 tmp
    drwxr-xr-x. 13 root root  155 Jul 10  2018 usr
    drwxr-xr-x. 20 root root  278 Jul 10  2018 var
    
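  4. Remember to create an empty file .autorelabel in the root of /sysroot, so that the files' SELinux contexts are restored when the system boots with the LUKS mapping as its root directory; otherwise, because SELinux is enabled at boot, you will be unable to log in.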
    [root@kvm7 ~]# touch /sysroot/.autorelabel
    
  5. Edit the boot mount table etc/fstab under the LUKS mount directory /sysroot, changing the root directory's mount device to /dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2.
    [root@kvm7 ~]# grep luks /sysroot/etc/fstab
    /dev/mapper/luks-77472cc9-0dd3-4c4c-81ad-e0ecae7570b2   /    xfs defaults   1 1
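
A pre-reboot check for steps 4 and 5, added here as an example and not part of the original page: it confirms that the staged root contains .autorelabel and that its etc/fstab mounts the LUKS mapping on /. The function names fstab_root_device and check_staged_root are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original page): pre-reboot check of a staged
# LUKS root. Function names are hypothetical.

# Print the device field of the "/" entry in an fstab file, skipping comments.
fstab_root_device() {
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# check_staged_root DIR MAPPER
# Returns 0 only if DIR/.autorelabel exists and DIR/etc/fstab mounts MAPPER on /.
check_staged_root() {
    root=$1
    mapper=$2
    rc=0

    # Step 4: without this file the copied tree is not relabeled at boot.
    if [ ! -e "$root/.autorelabel" ]; then
        echo "FAIL: $root/.autorelabel is missing; SELinux contexts will not be restored" >&2
        rc=1
    fi

    # Step 5: the staged fstab, not the running system's, must name the mapping.
    if [ ! -f "$root/etc/fstab" ]; then
        echo "FAIL: $root/etc/fstab not found" >&2
        return 1
    fi
    dev=$(fstab_root_device "$root/etc/fstab")
    if [ "$dev" != "$mapper" ]; then
        echo "FAIL: / is mounted from '${dev:-<none>}', expected $mapper" >&2
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $root is ready to boot from $mapper"
    return "$rc"
}

# Run as: script.sh /sysroot /dev/mapper/luks-<uuid>
if [ "$#" -eq 2 ]; then
    check_staged_root "$1" "$2"
fi
```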
    



De-Yu Wang 2020-05-14