lofiadm(1M)              System Administration Commands              lofiadm(1M)

NAME
    lofiadm - administer files available as block devices through lofi

SYNOPSIS
    /usr/sbin/lofiadm -a file [device]

    /usr/sbin/lofiadm -c crypto_algorithm -a file [device]

    /usr/sbin/lofiadm -c crypto_algorithm -k raw_key_file -a file [device]

    /usr/sbin/lofiadm -c crypto_algorithm -T token_key -a file [device]

    /usr/sbin/lofiadm -c crypto_algorithm -T token_key
        -k wrapped_key_file -a file [device]

    /usr/sbin/lofiadm -c crypto_algorithm -e -a file [device]

    /usr/sbin/lofiadm -C algorithm [-s segment_size] file

    /usr/sbin/lofiadm -d file | device

    /usr/sbin/lofiadm -U file

    /usr/sbin/lofiadm [ file | device]

DESCRIPTION
    lofiadm administers lofi, the loopback file driver. lofi allows a file
    to be associated with a block device. That file can then be accessed
    through the block device. This is useful when the file contains an
    image of some filesystem (such as a floppy or CD-ROM image), because
    the block device can then be used with the normal system utilities for
    mounting, checking or repairing filesystems. See fsck(1M) and
    mount(1M).

    Use lofiadm to add a file as a loopback device, remove such an
    association, or print information about the current associations.

    Encryption and compression options are mutually exclusive on the
    command line. Further, an encrypted file cannot be compressed later,
    nor can a compressed file be encrypted later.

    The lofi driver is not available and will not work inside a zone.

OPTIONS
    The following options are supported:

    -a file [device]

        Add file as a block device.

        If device is not specified, an available device is picked.

        If device is specified, lofiadm attempts to assign it to file.
        device must be available or lofiadm will fail. The ability to
        specify a device is provided for use in scripts that wish to
        reestablish a particular set of associations.

    -C {gzip | gzip-N | lzma}

        Compress the file with the specified compression algorithm.

        The gzip compression algorithm uses the same compression as the
        open-source gzip command. You can specify the gzip level by using
        the value gzip-N where N is 6 (fast) or 9 (best compression ratio).
        Currently, gzip, without a number, is equivalent to gzip-6 (which
        is also the default for the gzip command).

        lzma stands for the LZMA (Lempel-Ziv-Markov) compression algorithm.

        Note that you cannot write to a compressed file, nor can you mount
        a compressed file read/write.

    -d file | device

        Remove an association by file or device name, if the associated
        block device is not busy, and deallocate the block device.

    -s segment_size

        The segment size to use to divide the file being compressed.
        segment_size can be an integer multiple of 512.

    -U file

        Uncompress a compressed file.

    The following options are used when the file is encrypted:

    -c crypto_algorithm

        Select the encryption algorithm. The algorithm must be specified
        when encryption is enabled because the algorithm is not stored in
        the disk image.

        If none of -e, -k, or -T is specified, lofiadm prompts for a
        passphrase, with a minimum length of eight characters, to be
        entered. The passphrase is used to derive a symmetric encryption
        key using PKCS#5 PBKDF2.

    -k raw_key_file | wrapped_key_file

        Path to raw or wrapped symmetric encryption key. If a PKCS#11
        object is also given with the -T option, then the key is wrapped by
        that object. If -T is not specified, the key is used raw.

    -T token_key

        The key in a PKCS#11 token to use for the encryption or for
        unwrapping the key file.

        If -k is also specified, -T identifies the unwrapping key, which
        must be an RSA private key.

    -e

        Generate an ephemeral symmetric encryption key.

OPERANDS
    The following operands are supported:

    crypto_algorithm

        One of: aes-128-cbc, aes-192-cbc, aes-256-cbc, des3-cbc,
        blowfish-cbc.

    device

        Display the file name associated with the block device device.

        Without arguments, print a list of the current associations.
        Filenames must be valid absolute pathnames.

        When a file is added, it is opened for reading or writing by root.
        Any restrictions apply (such as restricted root access over NFS).
        The file is held open until the association is removed. It is not
        actually accessed until the block device is used, so it will never
        be written to if the block device is only opened read-only.

    file

        Display the block device associated with file.

    raw_key_file

        Path to a file of the appropriate length, in bits, to use as a raw
        symmetric encryption key.

    token_key

        PKCS#11 token object in the format:

            token_name:manufacturer_id:serial_number:key_label

        All but the key label are optional and can be empty. For example,
        to specify a token object with only its key label MylofiKey, use:

            -T :::MylofiKey

    wrapped_key_file

        Path to file containing a symmetric encryption key wrapped by the
        RSA private key specified by -T.

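As an added example (not part of the original manual page), the shell functions below create a raw_key_file of the length each algorithm needs and check an existing one before it is passed to -k. The byte counts are the standard key sizes for these ciphers and are an assumption about what lofi accepts; blowfish-cbc is left out because its key length is variable, and the function names and the use of /dev/urandom are choices made here.

```shell
#!/bin/sh
# Added example, not from the manual page. Function names are hypothetical.

# Print the raw key size in bytes for a crypto_algorithm operand.
# Assumption: standard key sizes (AES 128/192/256 bits, 3DES 192 bits).
lofi_key_bytes() {
    case "$1" in
        aes-128-cbc)          echo 16 ;;
        aes-192-cbc|des3-cbc) echo 24 ;;
        aes-256-cbc)          echo 32 ;;
        *)                    return 1 ;;  # blowfish-cbc: variable length, not handled
    esac
}

# make_raw_key algorithm path
# Writes a fresh random key readable by the owner only; never overwrites.
make_raw_key() {
    n=$(lofi_key_bytes "$1") || { echo "unsupported algorithm: $1" >&2; return 1; }
    [ ! -e "$2" ] || { echo "$2: already exists" >&2; return 1; }
    ( umask 077 && dd if=/dev/urandom of="$2" bs="$n" count=1 2>/dev/null )
}

# check_raw_key algorithm path
# Succeeds only if the file has exactly the expected length and grants no
# access to group or other.
check_raw_key() {
    want=$(lofi_key_bytes "$1") || return 1
    [ -f "$2" ] || return 1
    have=$(wc -c < "$2" | tr -d ' ')
    [ "$have" -eq "$want" ] || { echo "$2: $have bytes, $1 needs $want" >&2; return 1; }
    [ "$(ls -ldn "$2" | cut -c5-10)" = "------" ] ||
        { echo "$2: accessible by group/other" >&2; return 1; }
}

# Usage with the synopsis form "-c crypto_algorithm -k raw_key_file -a file":
#   make_raw_key aes-256-cbc /path/to/keyfile &&
#   check_raw_key aes-256-cbc /path/to/keyfile &&
#   lofiadm -c aes-256-cbc -k /path/to/keyfile -a /export/home/secrets
```
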
EXAMPLES
    Example 1 Mounting an Existing CD-ROM Image

    You should ensure that Solaris understands the image before creating
    the CD. lofi allows you to mount the image and see if it works.

    This example mounts an existing CD-ROM image (sparc.iso), of the Red
    Hat 6.0 CD which was downloaded from the Internet. It was created with
    the mkisofs utility from the Internet.

    Use lofiadm to attach a block device to it:

        # lofiadm -a /home/mike_s/RH6.0/sparc.iso
        /dev/lofi/1

    lofiadm picks the device and prints the device name to the standard
    output. You can run lofiadm again by issuing the following command:

        # lofiadm
        Block Device     File                           Options
        /dev/lofi/1      /home/mike_s/RH6.0/sparc.iso   -

    Or, you can give it one name and ask for the other, by issuing the
    following command:

        # lofiadm /dev/lofi/1
        /home/mike_s/RH6.0/sparc.iso

    Use the mount command to mount the image:

        # mount -F hsfs -o ro /dev/lofi/1 /mnt

    Check to ensure that Solaris understands the image:

        # df -k /mnt
        Filesystem            kbytes    used   avail capacity  Mounted on
        /dev/lofi/1           512418  512418       0   100%    /mnt
        # ls /mnt
        ./            RedHat/       doc/          ls-lR         rr_moved/
        ../           TRANS.TBL     dosutils/     ls-lR.gz      sbin@
        .buildlog     bin@          etc@          misc/         tmp/
        COPYING       boot/         images/       mnt/          usr@
        README        boot.cat*     kernels/      modules/
        RPM-PGP-KEY   dev@          lib@          proc/

    Solaris can mount the CD-ROM image, and understand the filenames. The
    image was created properly, and you can now create the CD-ROM with
    confidence.

    As a final step, unmount and detach the images:

        # umount /mnt
        # lofiadm -d /dev/lofi/1
        # lofiadm
        Block Device     File                           Options

    Example 2 Mounting a Floppy Image

    This is similar to the first example.

    Using lofi to help you mount files that contain floppy images is
    helpful if a floppy disk contains a file that you need, but the machine
    which you are on does not have a floppy drive. It is also helpful if
    you do not want to take the time to use the dd command to copy the
    image to a floppy.

    This is an example of getting to the MDB floppy for Solaris on an x86
    platform:

        # lofiadm -a /export/s28/MDB_s28x_wos/latest/boot.3
        /dev/lofi/1
        # mount -F pcfs /dev/lofi/1 /mnt
        # ls /mnt
        ./            COMMENT.BAT*  RC.D/         SOLARIS.MAP*
        ../           IDENT*        REPLACE.BAT*  X/
        APPEND.BAT*   MAKEDIR.BAT*  SOLARIS/
        # umount /mnt
        # lofiadm -d /export/s28/MDB_s28x_wos/latest/boot.3

    Example 3 Making a UFS Filesystem on a File

    Making a UFS filesystem on a file can be useful, particularly if a test
    suite requires a scratch filesystem. It can be painful (or annoying) to
    have to repartition a disk just for the test suite, but you do not have
    to. You can newfs a file with lofi.

    Create the file:

        # mkfile 35m /export/home/test

    Attach it to a block device. You also get the character device that
    newfs requires, so newfs that:

        # lofiadm -a /export/home/test
        /dev/lofi/1
        # newfs /dev/rlofi/1
        newfs: construct a new file system /dev/rlofi/1: (y/n)? y
        /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
        35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
        super-block backups (for fsck -F ufs -o b=#) at:
        32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,

    Note that ufs might not be able to use the entire file. Mount and use
    the filesystem:

        # mount /dev/lofi/1 /mnt
        # df -k /mnt
        Filesystem            kbytes    used   avail capacity  Mounted on
        /dev/lofi/1            33455       9   30101     1%    /mnt
        # ls /mnt
        ./           ../          lost+found/
        # umount /mnt
        # lofiadm -d /dev/lofi/1

    Example 4 Creating a PC (FAT) File System on a Unix File

    The following series of commands creates a FAT file system on a Unix
    file. The file is associated with a block device created by lofiadm.

        # mkfile 10M /export/test/testfs
        # lofiadm -a /export/test/testfs
        /dev/lofi/1
        Note use of rlofi, not lofi, in following command.
        # mkfs -F pcfs -o nofdisk,size=20480 /dev/rlofi/1
        Construct a new FAT file system on /dev/rlofi/1: (y/n)? y
        # mount -F pcfs /dev/lofi/1 /mnt
        # cd /mnt
        # df -k .
        Filesystem            kbytes    used   avail capacity  Mounted on
        /dev/lofi/1            10142       0   10142     0%    /mnt

    Example 5 Compressing an Existing CD-ROM Image

    The following example illustrates compressing an existing CD-ROM image
    (solaris.iso), verifying that the image is compressed, and then
    uncompressing it.

        # lofiadm -C gzip /export/home/solaris.iso

    Use lofiadm to attach a block device to it:

        # lofiadm -a /export/home/solaris.iso
        /dev/lofi/1

    Check if the mapped image is compressed:

        # lofiadm
        Block Device     File                        Options
        /dev/lofi/1      /export/home/solaris.iso    Compressed(gzip)
        /dev/lofi/2      /export/home/regular.iso    -

    Unmap the compressed image and uncompress it:

        # lofiadm -d /dev/lofi/1
        # lofiadm -U /export/home/solaris.iso

    Example 6 Creating an Encrypted UFS File System on a File

    This example is similar to the example of making a UFS filesystem on a
    file, above.

    Create the file:

        # mkfile 35m /export/home/secrets

    Attach the file to a block device and specify that the file image is
    encrypted. As a result of this command, you obtain the character
    device, which is subsequently used by newfs:

        # lofiadm -c aes-256-cbc -a /export/home/secrets
        Enter passphrase: My-M0th3r;l0v3s_m3+4lw4ys! (not echoed)
        Re-enter passphrase: My-M0th3r;l0v3s_m3+4lw4ys! (not echoed)
        /dev/lofi/1

        # newfs /dev/rlofi/1
        newfs: construct a new file system /dev/rlofi/1: (y/n)? y
        /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
        35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
        super-block backups (for fsck -F ufs -o b=#) at:
        32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,

    The mapped file system shows that encryption is enabled:

        # lofiadm
        Block Device     File                    Options
        /dev/lofi/1      /export/home/secrets    Encrypted

    Mount and use the filesystem:

        # mount /dev/lofi/1 /mnt
        # cp moms_secret_*_recipe /mnt
        # ls /mnt
        ./            moms_secret_cookie_recipe    moms_secret_soup_recipe
        ../           moms_secret_fudge_recipe     moms_secret_stuffing_recipe
        lost+found/   moms_secret_meatloaf_recipe  moms_secret_waffle_recipe
        # umount /mnt
        # lofiadm -d /dev/lofi/1

    Subsequent attempts to map the filesystem with the wrong key or the
    wrong encryption algorithm will fail:

        # lofiadm -c blowfish-cbc -a /export/home/secrets
        Enter passphrase: mommy (not echoed)
        Re-enter passphrase: mommy (not echoed)
        lofiadm: could not map file /root/lofi: Invalid argument
        # lofiadm
        Block Device     File                    Options
        #

    Attempts to map the filesystem without encryption will succeed;
    however, attempts to mount and use the filesystem will fail:

        # lofiadm -a /export/home/secrets
        /dev/lofi/1
        # lofiadm
        Block Device     File                    Options
        /dev/lofi/1      /export/home/secrets    -
        # mount /dev/lofi/1 /mnt
        mount: /dev/lofi/1 is not this fstype
        #

ENVIRONMENT VARIABLES
    See environ(5) for descriptions of the following environment variables
    that affect the execution of lofiadm: LC_CTYPE, LC_MESSAGES and
    NLSPATH.

EXIT STATUS
    The following exit values are returned:

    0

        Successful completion.

    >0

        An error occurred.

ATTRIBUTES
    See attributes(5) for descriptions of the following attributes:

    ┌─────────────────────────────┬─────────────────────────────┐
    │ATTRIBUTE TYPE               │ATTRIBUTE VALUE              │
    ├─────────────────────────────┼─────────────────────────────┤
    │Availability                 │SUNWcsu                      │
    └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
    fsck(1M), mount(1M), mount_ufs(1M), newfs(1M), attributes(5), lofi(7D),
    lofs(7FS)

NOTES
    Just as you would not directly access a disk device that has mounted
    file systems, you should not access a file associated with a block
    device except through the lofi file driver. It might also be
    appropriate to ensure that the file has appropriate permissions to
    prevent such access.

    The abilities of lofiadm, and who can use them, are controlled by the
    permissions of /dev/lofictl. Read-access allows query operations, such
    as listing all the associations. Write-access is required to do any
    state-changing operations, like adding an association. As shipped,
    /dev/lofictl is owned by root, in group sys, and mode 0644, so all
    users can do query operations but only root can change anything. The
    administrator can give users write-access, allowing them to add or
    delete associations, but that is very likely a security hole and should
    probably only be given to a trusted group.

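The two permission checks described above, written as an added example in POSIX shell (not part of the original manual page): audit_lofictl flags a control node whose owner is unexpected or that group or other can write, and audit_backing_files reads the listing printed by lofiadm and flags backing files that group or other can write. The function names are made up here, the listing is assumed to use the three-column layout shown in the examples, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example, not from the manual page. Function names are hypothetical.

# Print the nine permission characters (rwxrwxrwx) of a path, following
# symlinks, or nothing if the path cannot be examined.
perm_bits() {
    ls -ldnL "$1" 2>/dev/null | cut -c2-10
}

# audit_lofictl [path] [expected_owner_uid]
# 0: owned as expected and writable by the owner only
# 1: unexpected owner, or group/other hold write access
# 2: the node cannot be examined
audit_lofictl() {
    ctl=${1:-/dev/lofictl}
    want_uid=${2:-0}
    bits=$(perm_bits "$ctl")
    [ -n "$bits" ] || { echo "$ctl: cannot examine"; return 2; }
    uid=$(ls -ldnL "$ctl" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "$ctl: owner uid $uid, expected $want_uid"; return 1
    fi
    case "$bits" in
        ????w????|???????w?)
            echo "$ctl: group/other can change associations ($bits)"; return 1 ;;
    esac
    return 0
}

# audit_backing_files: reads the output of `lofiadm` (no arguments) on stdin.
# Assumes the "Block Device / File / Options" layout shown in the examples and
# file names without spaces. Returns 1 if any backing file is group- or
# other-writable, since such a file can be altered behind the lofi driver.
audit_backing_files() {
    bad=0
    while read -r dev file opts; do
        case "$dev" in /dev/lofi/*) ;; *) continue ;; esac
        case "$(perm_bits "$file")" in
            ????w????|???????w?)
                echo "$dev: $file is writable by group/other"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage on a system with lofi:
#   audit_lofictl && lofiadm | audit_backing_files
```
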
    When mounting a filesystem image, take care to use appropriate mount
    options. In particular, the nosuid mount option might be appropriate
    for UFS images whose origin is unknown. Also, some options might not be
    useful or appropriate, like logging or forcedirectio for UFS. For
    compatibility purposes, a raw device is also exported along with the
    block device. For example, newfs(1M) requires one.

    The output of lofiadm (without arguments) might change in future
    releases.

SunOS 5.11                        31 Aug 2009                        lofiadm(1M)