-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update linux disk_encryption
to recursively query parent crypt status
#8052
Update linux disk_encryption
to recursively query parent crypt status
#8052
Conversation
disk_encryption
to recursively query parent crypt status
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have not built/tested this branch locally, but the code/flow seems fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I walked through the code. I think it works, but could use a coupe more comments. And maybe we can swap in an early return and ditch the else.
bab4074
to
d757de5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @Micah-Kolide is manually testing, but I think this is correct
c092925
to
65ab341
Compare
@Micah-Kolide and I spent a long time tinkering with this. And ultimately, while there are several issues around efficiency, this seems worth merging as is. But, notes for next time...
Somewhere in osquery/sqlite there appear to be two issues.
In both cases, playing with These feel like bugs in osquery, and I think I've seen them in the past. I do not think they should block this merge, as this is an improvement over the status quo. |
Ha. The issues I describe are exactly covered by #5379. I knew I'd seen them before |
This change will rely on #8037
Functionally this should minimize getting encryption status from parent devices, but without the constraint being added in block_devices this will not perform well.
Below is the process of acquiring crypt status and overall what is different.
This avoids sorting parents altogether, which I figured made sense here.