mount-encrypted: mount with commit=600
Mount with commit=600, just as the unencrypted stateful is mounted.
BUG=chrome-os-partner:13185
TEST=x86-alex build
Change-Id: I0cee85c8bdabccb6545ca2238f6d5a120300e3aa
Signed-off-by: Kees Cook <keescook@chromium.org>
(cherry picked from commit 82a17fb7c1dd7f043a296695e2867ff82d7c53ca)
Reviewed-on: https://gerrit.chromium.org/gerrit/32236
Tested-by: Luigi Semenzato <semenzato@chromium.org>
diff --git a/utility/mount-encrypted.c b/utility/mount-encrypted.c
index f5d79aa..10263b7 100644
--- a/utility/mount-encrypted.c
+++ b/utility/mount-encrypted.c
@@ -900,7 +900,7 @@
}
if (mount(dmcrypt_dev, encrypted_mount, kEncryptedFSType,
MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RELATIME,
- "discard")) {
+ "discard,commit=600")) {
PERROR("mount(%s,%s)", dmcrypt_dev, encrypted_mount);
goto dm_cleanup;
}