lofiadm(1M)             System Administration Commands             lofiadm(1M)

NAME

       lofiadm - administer files available as block devices through lofi

SYNOPSIS

       /usr/sbin/lofiadm -a file [device]

       /usr/sbin/lofiadm -c crypto_algorithm -a file [device]

       /usr/sbin/lofiadm -c crypto_algorithm -k raw_key_file -a file [device]

       /usr/sbin/lofiadm -c crypto_algorithm -T token_key -a file [device]

       /usr/sbin/lofiadm -c crypto_algorithm -T token_key
            -k wrapped_key_file -a file [device]

       /usr/sbin/lofiadm -c crypto_algorithm -e -a file [device]

       /usr/sbin/lofiadm -C algorithm [-s segment_size] file

       /usr/sbin/lofiadm -d file | device

       /usr/sbin/lofiadm -U file

       /usr/sbin/lofiadm [ file | device]

DESCRIPTION

       lofiadm administers lofi, the loopback file driver. lofi allows a file
       to be associated with a block device. That file can then be accessed
       through the block device. This is useful when the file contains an
       image of some filesystem (such as a floppy or CD-ROM image), because
       the block device can then be used with the normal system utilities for
       mounting, checking or repairing filesystems. See fsck(1M) and
       mount(1M).

       Use lofiadm to add a file as a loopback device, remove such an
       association, or print information about the current associations.

       Encryption and compression options are mutually exclusive on the
       command line. Further, an encrypted file cannot be compressed later, nor
       can a compressed file be encrypted later.

       The lofi driver is not available and will not work inside a zone.

OPTIONS

       The following options are supported:

       -a file [device]

           Add file as a block device.

           If device is not specified, an available device is picked.

           If device is specified, lofiadm attempts to assign it to file.
           device must be available or lofiadm will fail. The ability to
           specify a device is provided for use in scripts that wish to
           reestablish a particular set of associations.

       -C {gzip | gzip-N | lzma}

           Compress the file with the specified compression algorithm.

           The gzip compression algorithm uses the same compression as the
           open-source gzip command. You can specify the gzip level by using
           the value gzip-N where N is 6 (fast) or 9 (best compression ratio).
           Currently, gzip, without a number, is equivalent to gzip-6 (which
           is also the default for the gzip command).

           lzma stands for the LZMA (Lempel-Ziv-Markov) compression algorithm.

           Note that you cannot write to a compressed file, nor can you mount
           a compressed file read/write.

       -d file | device

           Remove an association by file or device name, if the associated
           block device is not busy, and deallocate the block device.

       -s segment_size

           The segment size to use to divide the file being compressed.
           segment_size can be an integer multiple of 512.

       -U file

           Uncompress a compressed file.

       The following options are used when the file is encrypted:

       -c crypto_algorithm

           Select the encryption algorithm. The algorithm must be specified
           when encryption is enabled because the algorithm is not stored in
           the disk image.

           If none of -e, -k, or -T is specified, lofiadm prompts for a
           passphrase, with a minimum length of eight characters, to be
           entered. The passphrase is used to derive a symmetric encryption
           key using PKCS#5 PBKDF2.

       -k raw_key_file | wrapped_key_file

           Path to raw or wrapped symmetric encryption key. If a PKCS#11
           object is also given with the -T option, then the key is wrapped by
           that object. If -T is not specified, the key is used raw.

       -T token_key

           The key in a PKCS#11 token to use for the encryption or for
           unwrapping the key file.

           If -k is also specified, -T identifies the unwrapping key, which
           must be an RSA private key.

       -e

           Generate an ephemeral symmetric encryption key.

OPERANDS

       The following operands are supported:

       crypto_algorithm

           One of: aes-128-cbc, aes-192-cbc, aes-256-cbc, des3-cbc,
           blowfish-cbc.

       device

           Display the file name associated with the block device device.

           Without arguments, print a list of the current associations.
           Filenames must be valid absolute pathnames.

           When a file is added, it is opened for reading or writing by root.
           Any restrictions apply (such as restricted root access over NFS).
           The file is held open until the association is removed. It is not
           actually accessed until the block device is used, so it will never
           be written to if the block device is only opened read-only.

       file

           Display the block device associated with file.

       raw_key_file

           Path to a file of the appropriate length, in bits, to use as a raw
           symmetric encryption key.

       token_key

           PKCS#11 token object in the format:

             token_name:manufacturer_id:serial_number:key_label

           All but the key label are optional and can be empty. For example,
           to specify a token object with only its key label MylofiKey, use:

             -T :::MylofiKey

       wrapped_key_file

           Path to file containing a symmetric encryption key wrapped by the
           RSA private key specified by -T.
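
       The raw_key_file operand above, as an added example that is not part
       of the original manual page: shell helpers that create a raw key file
       and check its length and permissions before it is passed to lofiadm -k.
       The function names and the byte lengths (the standard key sizes for
       AES and three-key 3DES) are assumptions of this example; blowfish-cbc
       is left out because its key length is variable.

```shell
#!/bin/sh
# Added example, not from the lofiadm manual page. Function names are hypothetical.

# Raw key length in bytes for the fixed-key-size algorithms (assumed standard
# sizes: AES-128/192/256 and three-key 3DES). blowfish-cbc is not handled.
lofi_key_bytes() {
    case "$1" in
        aes-128-cbc) echo 16 ;;
        aes-192-cbc) echo 24 ;;
        aes-256-cbc) echo 32 ;;
        des3-cbc)    echo 24 ;;
        *) return 1 ;;
    esac
}

# Check length and permissions of an existing key file.
lofi_check_key() {      # usage: lofi_check_key algorithm keyfile
    n=$(lofi_key_bytes "$1") || { echo "unsupported algorithm: $1" >&2; return 2; }
    [ -f "$2" ] || { echo "$2: not a regular file" >&2; return 3; }
    size=$(wc -c < "$2" | tr -d ' ')
    if [ "$size" -ne "$n" ]; then
        echo "$2: $size bytes, $1 needs $n" >&2; return 4
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ln "$2" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$2: accessible beyond its owner ($perms)" >&2; return 5
    fi
}

# Create a new key file with mode 0600 from the kernel random source.
lofi_make_key() {       # usage: lofi_make_key algorithm keyfile
    n=$(lofi_key_bytes "$1") || { echo "unsupported algorithm: $1" >&2; return 2; }
    if [ -e "$2" ]; then echo "refusing to overwrite $2" >&2; return 3; fi
    ( umask 077 && dd if=/dev/urandom of="$2" bs="$n" count=1 2>/dev/null ) || return 6
    lofi_check_key "$1" "$2"
}

# Then, following the SYNOPSIS (the key file path is a placeholder):
#   lofi_make_key aes-256-cbc /path/to/keyfile &&
#   lofiadm -c aes-256-cbc -k /path/to/keyfile -a /export/home/secrets
```

       The key file is the only secret protecting the image, so it belongs on
       storage separate from the image itself.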

EXAMPLES

       Example 1 Mounting an Existing CD-ROM Image

       You should ensure that Solaris understands the image before creating
       the CD. lofi allows you to mount the image and see if it works.

       This example mounts an existing CD-ROM image (sparc.iso), of the Red
       Hat 6.0 CD which was downloaded from the Internet. It was created with
       the mkisofs utility from the Internet.

       Use lofiadm to attach a block device to it:

         # lofiadm -a /home/mike_s/RH6.0/sparc.iso
         /dev/lofi/1

       lofiadm picks the device and prints the device name to the standard
       output. You can run lofiadm again by issuing the following command:

         # lofiadm
         Block Device     File                           Options
         /dev/lofi/1      /home/mike_s/RH6.0/sparc.iso   -

       Or, you can give it one name and ask for the other, by issuing the
       following command:

         # lofiadm /dev/lofi/1
         /home/mike_s/RH6.0/sparc.iso

       Use the mount command to mount the image:

         # mount -F hsfs -o ro /dev/lofi/1 /mnt

       Check to ensure that Solaris understands the image:

         # df -k /mnt
         Filesystem            kbytes    used   avail capacity  Mounted on
         /dev/lofi/1           512418  512418       0   100%    /mnt
         # ls /mnt
         ./            RedHat/       doc/          ls-lR         rr_moved/
         ../           TRANS.TBL     dosutils/     ls-lR.gz      sbin@
         .buildlog     bin@          etc@          misc/         tmp/
         COPYING       boot/         images/       mnt/          usr@
         README        boot.cat*     kernels/      modules/
         RPM-PGP-KEY   dev@          lib@          proc/

       Solaris can mount the CD-ROM image, and understand the filenames. The
       image was created properly, and you can now create the CD-ROM with
       confidence.

       As a final step, unmount and detach the images:

         # umount /mnt
         # lofiadm -d /dev/lofi/1
         # lofiadm
         Block Device             File             Options

       Example 2 Mounting a Floppy Image

       This is similar to the first example.

       Using lofi to help you mount files that contain floppy images is
       helpful if a floppy disk contains a file that you need, but the machine
       which you are on does not have a floppy drive. It is also helpful if
       you do not want to take the time to use the dd command to copy the
       image to a floppy.

       This is an example of getting to the MDB floppy for Solaris on an x86
       platform:

         # lofiadm -a /export/s28/MDB_s28x_wos/latest/boot.3
         /dev/lofi/1
         # mount -F pcfs /dev/lofi/1 /mnt
         # ls /mnt
         ./            COMMENT.BAT*  RC.D/         SOLARIS.MAP*
         ../           IDENT*        REPLACE.BAT*  X/
         APPEND.BAT*   MAKEDIR.BAT*  SOLARIS/
         # umount /mnt
         # lofiadm -d /export/s28/MDB_s28x_wos/latest/boot.3

       Example 3 Making a UFS Filesystem on a File

       Making a UFS filesystem on a file can be useful, particularly if a test
       suite requires a scratch filesystem. It can be painful (or annoying) to
       have to repartition a disk just for the test suite, but you do not have
       to. You can newfs a file with lofi.

       Create the file:

         # mkfile 35m /export/home/test

       Attach it to a block device. You also get the character device that
       newfs requires, so newfs that:

         # lofiadm -a /export/home/test
         /dev/lofi/1
         # newfs /dev/rlofi/1
         newfs: construct a new file system /dev/rlofi/1: (y/n)? y
         /dev/rlofi/1:   71638 sectors in 119 cylinders of 1 tracks, 602 sectors
                 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
         super-block backups (for fsck -F ufs -o b=#) at:
          32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,

       Note that ufs might not be able to use the entire file. Mount and use
       the filesystem:

         # mount /dev/lofi/1 /mnt
         # df -k /mnt
         Filesystem            kbytes    used   avail capacity  Mounted on
         /dev/lofi/1            33455       9   30101     1%    /mnt
         # ls /mnt
         ./           ../          lost+found/
         # umount /mnt
         # lofiadm -d /dev/lofi/1

       Example 4 Creating a PC (FAT) File System on a Unix File

       The following series of commands creates a FAT file system on a Unix
       file. The file is associated with a block device created by lofiadm.

         # mkfile 10M /export/test/testfs
         # lofiadm -a /export/test/testfs
         /dev/lofi/1
         Note use of rlofi, not lofi, in following command.
         # mkfs -F pcfs -o nofdisk,size=20480 /dev/rlofi/1
         Construct a new FAT file system on /dev/rlofi/1: (y/n)? y
         # mount -F pcfs /dev/lofi/1 /mnt
         # cd /mnt
         # df -k .
         Filesystem            kbytes    used   avail capacity  Mounted on
         /dev/lofi/1            10142       0   10142     0%    /mnt

       Example 5 Compressing an Existing CD-ROM Image

       The following example illustrates compressing an existing CD-ROM image
       (solaris.iso), verifying that the image is compressed, and then
       uncompressing it.

         # lofiadm -C gzip /export/home/solaris.iso

       Use lofiadm to attach a block device to it:

         # lofiadm -a /export/home/solaris.iso
         /dev/lofi/1

       Check if the mapped image is compressed:

         # lofiadm
         Block Device      File                            Options
         /dev/lofi/1       /export/home/solaris.iso        Compressed(gzip)
         /dev/lofi/2       /export/home/regular.iso        -

       Unmap the compressed image and uncompress it:

         # lofiadm -d /dev/lofi/1
         # lofiadm -U /export/home/solaris.iso

       Example 6 Creating an Encrypted UFS File System on a File

       This example is similar to the example of making a UFS filesystem on a
       file, above.

       Create the file:

         # mkfile 35m /export/home/secrets

       Attach the file to a block device and specify that the file image is
       encrypted. As a result of this command, you obtain the character
       device, which is subsequently used by newfs:

         # lofiadm -c aes-256-cbc -a /export/home/secrets
         Enter passphrase: My-M0th3r;l0v3s_m3+4lw4ys!           (not echoed)
         Re-enter passphrase: My-M0th3r;l0v3s_m3+4lw4ys!        (not echoed)
         /dev/lofi/1

         # newfs /dev/rlofi/1
         newfs: construct a new file system /dev/rlofi/1: (y/n)? y
         /dev/rlofi/1:   71638 sectors in 119 cylinders of 1 tracks, 602 sectors
                35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
         super-block backups (for fsck -F ufs -o b=#) at:
         32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,

       The mapped file system shows that encryption is enabled:

         # lofiadm
         Block Device    File                     Options
         /dev/lofi/1     /export/home/secrets     Encrypted

       Mount and use the filesystem:

         # mount /dev/lofi/1 /mnt
         # cp moms_secret_*_recipe /mnt
         # ls /mnt
         ./           moms_secret_cookie_recipe    moms_secret_soup_recipe
         ../          moms_secret_fudge_recipe     moms_secret_stuffing_recipe
         lost+found/  moms_secret_meatloaf_recipe  moms_secret_waffle_recipe
         # umount /mnt
         # lofiadm -d /dev/lofi/1

       Subsequent attempts to map the filesystem with the wrong key or the
       wrong encryption algorithm will fail:

         # lofiadm -c blowfish-cbc -a /export/home/secrets
         Enter passphrase: mommy                                (not echoed)
         Re-enter passphrase: mommy                             (not echoed)
         lofiadm: could not map file /root/lofi: Invalid argument
         # lofiadm
         Block Device    File                    Options
         #

       Attempts to map the filesystem without encryption will succeed; however,
       attempts to mount and use the filesystem will fail:

         # lofiadm -a /export/home/secrets
         /dev/lofi/1
         # lofiadm
         Block Device    File                     Options
         /dev/lofi/1     /export/home/secrets     -
         # mount /dev/lofi/1 /mnt
         mount: /dev/lofi/1 is not this fstype
         #

ENVIRONMENT VARIABLES

       See environ(5) for descriptions of the following environment variables
       that affect the execution of lofiadm: LC_CTYPE, LC_MESSAGES and
       NLSPATH.

EXIT STATUS

       The following exit values are returned:

       0

           Successful completion.

       >0

           An error occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │ATTRIBUTE TYPE               │ATTRIBUTE VALUE              │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWcsu                      │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       fsck(1M), mount(1M), mount_ufs(1M), newfs(1M), attributes(5), lofi(7D),
       lofs(7FS)

NOTES

       Just as you would not directly access a disk device that has mounted
       file systems, you should not access a file associated with a block
       device except through the lofi file driver. It might also be
       appropriate to ensure that the file has appropriate permissions to
       prevent such access.

       The abilities of lofiadm, and who can use them, are controlled by the
       permissions of /dev/lofictl. Read-access allows query operations, such
       as listing all the associations. Write-access is required to do any
       state-changing operations, like adding an association. As shipped,
       /dev/lofictl is owned by root, in group sys, and mode 0644, so all
       users can do query operations but only root can change anything. The
       administrator can give users write-access, allowing them to add or
       delete associations, but that is very likely a security hole and should
       probably only be given to a trusted group.
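
       One way to check the /dev/lofictl permissions described above, as an
       added example that is not part of the original manual page: a shell
       function that reports whether the control node still has a root owner
       and no group or other write access. The function name, its optional
       arguments and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the lofiadm manual page. lofictl_audit is a hypothetical name.
# Exit status: 0 shipped restriction holds, 1 a group has write access (confirm it
# is a trusted group), 2 wrong owner or world-writable, 3 node not found.
lofictl_audit() {       # usage: lofictl_audit [path] [expected_owner_uid]
    node=${1:-/dev/lofictl}
    want_uid=${2:-0}
    # -L follows a /dev symbolic link to the device node; -n prints numeric ids.
    line=$(ls -lnL "$node" 2>/dev/null) || { echo "MISSING $node"; return 3; }
    set -- $line        # fields: mode links uid gid ...
    mode=$1 uid=$3 gid=$4
    status=0
    # Position 6 of the mode string is group write, position 9 is other write.
    if [ "$(printf '%s\n' "$mode" | cut -c6)" = w ]; then
        echo "WARN  $node: gid $gid can add and delete associations"
        status=1
    fi
    if [ "$(printf '%s\n' "$mode" | cut -c9)" = w ]; then
        echo "FAIL  $node: every user can add and delete associations"
        status=2
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL  $node: owner uid $uid, expected $want_uid"
        status=2
    fi
    [ "$status" -ne 0 ] || echo "OK    $node: $mode uid=$uid gid=$gid"
    return "$status"
}
```

       Run with no arguments it inspects /dev/lofictl and expects uid 0; a
       WARN result names the gid whose membership should be reviewed.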

       When mounting a filesystem image, take care to use appropriate mount
       options. In particular, the nosuid mount option might be appropriate
       for UFS images whose origin is unknown. Also, some options might not be
       useful or appropriate, like logging or forcedirectio for UFS. For
       compatibility purposes, a raw device is also exported along with the
       block device. For example, newfs(1M) requires one.

       The output of lofiadm (without arguments) might change in future
       releases.

SunOS 5.11                        31 Aug 2009                      lofiadm(1M)