blob: 3ae626ef688f3aa09db01c49c2c527ac10e8169a [file] [log] [blame]
# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
# Create, possibly migrate from, the unencrypted stateful partition, and bind
# mount the /var and /home/chronos mounts from the encrypted filesystem
# /mnt/stateful_partition/encrypted, all managed by the "mount-encrypted"
# helper. Takes the same arguments as mount-encrypted. Since /var is managed by
# mount-encrypted, it should not be created in the unencrypted stateful
# partition. Its mount point in the root filesystem exists already from the
# rootfs image. Since /home is still mounted from the unencrypted stateful
# partition, having /home/chronos already doesn't matter. It will be created by
# mount-encrypted if it is missing. These mounts inherit nodev,noexec,nosuid
# from the encrypted filesystem /mnt/stateful_partition/encrypted.
mount_var_and_home_chronos() {
mount-encrypted "$@" >>/run/mount_encrypted/mount-encrypted.log 2>&1
# Give mount-encrypted umount 10 times to retry, otherwise
# it will fail with 'device is busy' because lazy umount does not finish
# clearing all reference points yet. Check
umount_var_and_home_chronos() {
# Check if the encrypted stateful partition is mounted.
if ! mountpoint -q "/mnt/stateful_partition/encrypted"; then
return 0
local rc=0
for _ in 1 2 3 4 5 6 7 8 9 10; do
mount-encrypted umount
if [ "${rc}" -eq "0" ]; then
sleep 0.1
return "${rc}"