creds-util: fix "weak" vs. "secure" display for tmpfs/noswap backed credentials

When we display passed credentials we show a brief safety level based on how the credential is pass in: if it's backed by swappable memory we give it a "weak" level. This check was so far done by checking if the file is backed by ramfs. However, since 1155f44f48 we actually prefer tmpfs with the new "noswap" option for this. Hence, fix this, and explicitly look for "noswap" among the mount options in case we detect tmpfs.
2026-04-14 00:14:32 +09:00 · 2024-06-12 12:11:50 +02:00
parent bde35f4a91
commit 2af17b5e4c
2 changed files with 42 additions and 5 deletions
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -13,6 +13,7 @@
 #include "hexdecoct.h"
 #include "io-util.h"
 #include "json.h"
+#include "libmount-util.h"
 #include "main-func.h"
 #include "memory-util.h"
 #include "missing_magic.h"
@@ -128,6 +129,29 @@ not_found:
        return 0;
 }

+static int is_tmpfs_with_noswap(dev_t devno) {
+        _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL;
+        int r;
+
+        table = mnt_new_table();
+        if (!table)
+                return -ENOMEM;
+
+        r = mnt_table_parse_mtab(table, /* filename= */ NULL);
+        if (r < 0)
+                return r;
+
+        struct libmnt_fs *fs = mnt_table_find_devno(table, devno, MNT_ITER_FORWARD);
+        if (!fs)
+                return -ENODEV;
+
+        r = mnt_fs_get_option(fs, "noswap", /* value= */ NULL, /* valuesz= */ NULL);
+        if (r < 0)
+                return r;
+
+        return r == 0;
+}
+
 static int add_credentials_to_table(Table *t, bool encrypted) {
        _cleanup_closedir_ DIR *d = NULL;
        const char *prefix;
@@ -184,12 +208,24 @@ static int add_credentials_to_table(Table *t, bool encrypted) {
                        secure = "insecure"; /* Anything that is accessible more than read-only to its owner is insecure */
                        secure_color = ansi_highlight_red();
                } else {
-                        r = fd_is_fs_type(fd, RAMFS_MAGIC);
-                        if (r < 0)
-                                return log_error_errno(r, "Failed to determine backing file system of '%s': %m", de->d_name);
+                        struct statfs sfs;
+                        if (fstatfs(fd, &sfs) < 0)
+                                return log_error_errno(r, "fstatfs() failed on '%s': %m", de->d_name);

-                        secure = r > 0 ? "secure" : "weak"; /* ramfs is not swappable, hence "secure", everything else is "weak" */
-                        secure_color = r > 0 ? ansi_highlight_green() : ansi_highlight_yellow4();
+                        bool is_secure;
+                        if (is_fs_type(&sfs, RAMFS_MAGIC))
+                                is_secure = true; /* ramfs is not swappable, hence "secure" */
+                        else if (is_fs_type(&sfs, TMPFS_MAGIC)) {
+                                r = is_tmpfs_with_noswap(st.st_dev);
+                                if (r < 0)
+                                        log_debug_errno(r, "Failed to determine if file system of '%s' has 'noswap' enabled, assuming not: %m", de->d_name);
+
+                                is_secure = r > 0;
+                        } else
+                                is_secure = false; /* everything else we assume is not "secure" */
+
+                        secure = is_secure ? "secure" : "weak";
+                        secure_color = is_secure ? ansi_highlight_green() : ansi_highlight_yellow4();
                }

                j = path_join(prefix, de->d_name);
--- a/src/creds/meson.build
+++ b/src/creds/meson.build
@@ -6,6 +6,7 @@ executables += [
                'public' : true,
                'sources' : files('creds.c'),
                'dependencies' : [
+                        libmount,
                        libopenssl,
                        threads,
                ],