lofiadm(8) Man Page - WindyHana's Solanara


System Administration Commands                                      lofiadm(8)



NAME
       lofiadm - administer files available as block devices through lofi

SYNOPSIS
       /usr/sbin/lofiadm [-b block_size] [-u user:group] -a | -r file [device]


       /usr/sbin/lofiadm -l [-b block_size] [-u user:group] -a file


       /usr/sbin/lofiadm -l [-b block_size] [-u user:group] -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm [-b block_size] [-u user:group] -a file | -r [device]


       /usr/sbin/lofiadm -c crypto_algorithm -l [-b block_size] [-u user:group] -a file


       /usr/sbin/lofiadm -c crypto_algorithm -l [-b block_size] [-u user:group] -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -k raw_key_file
            [-b block_size] [-u user:group] -a | -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -k raw_key_file
            -l [-b block_size] [-u user:group] -a file


       /usr/sbin/lofiadm -c crypto_algorithm -k raw_key_file
            -l [-b block_size] [-u user:group] -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -T token_key [-b block_size]
            [-u user:group] -a | -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -T token_key
            -l [-b block_size] [-u user:group] -a file


       /usr/sbin/lofiadm -c crypto_algorithm -T token_key -l
            [-b block_size] [-u user:group] -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -T token_key -k wrapped_key
            [-b block_size] [-u user:group] -a | -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -T token_key -k wrapped_key
            -l [-b block_size] [-u user:group] -a file


       /usr/sbin/lofiadm -c crypto_algorithm -T token_key -k wrapped_key
            -l [-b block_size] [-u user:group] -r file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -e [-b block_size] [-u user:group] -a file [device]


       /usr/sbin/lofiadm -c crypto_algorithm -e -l [-b block_size] [-u user:group] -a file


       /usr/sbin/lofiadm -C algorithm [-s segment_size] file


       /usr/sbin/lofiadm -d file | device


       /usr/sbin/lofiadm -U file


       /usr/sbin/lofiadm [ file | device]


       /usr/sbin/lofiadm -r [device]


       /usr/sbin/lofiadm -l -r

DESCRIPTION
       lofiadm  administers lofi, the loopback file driver. lofi allows a file
       to be associated with a block device. That file can  then  be  accessed
       through  the  block  device.  This  is useful when the file contains an
       image of some filesystem (such as a CD-ROM image),  because  the  block
       device  can then be used with the normal system utilities for mounting,
       checking or repairing file systems. See fsck(8) and mount(8).


       Use lofiadm to add a file as a loopback device, remove such an associa‐
       tion, or display information about the current associations.


       Two types of loopback devices can be created: a normal read-write loop‐
       back device and a removable loopback device. They differ in the follow‐
       ing ways.


       Firstly,  a  file  cannot  be dissociated from a normal loopback device
       during its lifetime. By contrast, a file  can  be  dissociated  from  a
       removable loopback device, which leaves it as an empty loopback device.
       Following disassociation, a different file can be associated  with  it.
       Note that eject(1) should be used to dissociate a file from a removable
       device.


       Secondly, there is one-to-one mapping between a normal loopback  device
       and  its  associated file. By contrast, a single file can be associated
       with multiple removable loopback devices at the same time.


       Thirdly, a normal loopback device is  writable.  A  removable  loopback
       device is read-only.


       Furthermore, if -l is used when creating a loopback device (writable or
       removable), you can  create  labeled  writable  or  removable  loopback
       devices.  Instead  of  getting /dev/[r]lofi/x device links, for labeled
       loopback devices, /dev/[r]dsk/cxdx[p|s]x  will  be  generated,  through
       which partitions or slices on the disk image file can be accessed.


       The  number  of  potential lofi devices is limited by the zone.max-lofi
       rctl, which can be set by means of zonecfg(8) in the global  zone.  See
       resource-controls(7) for a description of zone.max-lofi.


       Encryption  and  compression options are mutually exclusive on the com‐
       mand line. Further, an encrypted file cannot be compressed  later,  nor
       can a compressed file be encrypted later.


       In the global zone, lofiadm can be used on both the global zone devices
       and all devices owned by other non-global zones on the system.

OPTIONS
       The following options are supported:

       -a | -r file [device]

           Add file as a normal loopback device when -a is specified, or as  a
           removable loopback device when -r is specified.

           If device is not specified, a non-existing device is picked.

           If  device  is specified, lofiadm attempts to assign it to file. If
           -a is specified, device must not exist or lofiadm will fail. If  -r
           is  specified,  lofiadm  will  fail  if device exists and is not an
           empty removable loopback device.


       -b block_size

           This option should be used together with the -a  or  -r  option  to
           specify  the  block size of the disk image when the loopback device
           is created.


       -u user:group

           The user and group that should be  used  for  accessing  the  given
           file. User can be specified as either a user name or a numeric user
           id. The group can be specified as a group name or a  numeric  group
           id. The -u option is not supported with the -C and -U options.


       -C {gzip | gzip-N | lzma}

           Compress the file with the specified compression algorithm.

           The  gzip  compression  algorithm  uses the same compression as the
           open-source gzip command. You can specify the gzip level  by  using
           the value gzip-N where N is 6 (fast) or 9 (best compression ratio).
           Currently, gzip, without a number, is equivalent to  gzip-6  (which
           is also the default for the gzip command).

           lzma stands for the LZMA (Lempel-Ziv-Markov) compression algorithm.

           Note  that you cannot write to a compressed file, nor can you mount
           a compressed file read/write.

           Note  that  removal  by file will fail if multiple devices are cur‐
           rently associated with it. Use removal by device in this case.


       -d file | device

           Remove an association by file or device  name,  if  the  associated
           block device is not busy, and deallocate the block device.


       -l

           This option should be used together with the -a  or  -r  option  to
           create  a  labeled  loopback  device.  Note  that,  when creating a
           labeled loopback device, the device path cannot be specified by the
           user.


       -s segment_size

           The  segment  size to use to divide the file being compressed. seg‐
           ment_size can be an integer multiple of 512.


       -U file

           Uncompress a compressed file.



       The following options are used when the file is encrypted:

       -c crypto_algorithm

           Select the encryption algorithm. The algorithm  must  be  specified
           when  encryption  is enabled because the algorithm is not stored in
           the disk image.

           If none of -e, -k, or  -T  is  specified,  lofiadm  prompts  for  a
           passphrase,  with  a  minimum  length  of  eight  characters, to be
           entered. The passphrase is used to derive  a  symmetric  encryption
           key using PKCS#5 PBKDF2.


       -k raw_key_file | wrapped_key_file

           Path  to  raw  or  wrapped  symmetric  encryption key. If a PKCS#11
           object is also given with the -T option, then the key is wrapped by
           that object. If -T is not specified, the key is used raw.


       -T token_key

           The key in a PKCS#11 token to use for the encryption or for unwrap‐
           ping the key file.

           If -k is also specified, -T identifies the  unwrapping  key,  which
           must be an RSA private key.


       -e

           Generate  an ephemeral symmetric encryption key. Note that you can‐
           not use -e together with -r.


       -r [device]

           Create an empty removable loopback device. A file can be associated
           with that device at a later time.

           If device is not specified, a non-existing device is selected.

           If  device is specified, lofiadm attempts to select it. device must
           not exist or lofiadm will fail.


OPERANDS
       The following operands are supported:

       crypto_algorithm

           One of: aes-128-cbc, aes-192-cbc, aes-256-cbc, des3-cbc,  blowfish-
           cbc.


       device

           Display the file name associated with the block device device.

           Without  arguments, print a list of the current associations. File‐
           names must be valid absolute pathnames.

           When a file is added, it is opened for reading or writing by  root.
           Any  restrictions  apply (such as restricted root access over NFS).
           The file is held open until the association is removed. It  is  not
           actually  accessed until the block device is used, so it will never
           be written to if the block device is only opened read-only.

           Note that the filename might appear with a  question  mark  (?)  in
           front  of  it,  if the file is not accessible. Or it will appear as
           two question marks (??), if it is not possible to retrieve the path
           in the current context. Or, the filename might appear as a dash (-)
           if the device is an empty removable loopback device.


       file

           Display all block device(s) associated with file.


       raw_key_file

           Path to a file of the appropriate length, in bits, to use as a  raw
           symmetric  encryption  key.  The  key size, in bits, must match the
           encryption algorithm specified by the -c option.


       token_key

           PKCS#11 token object in the format:


             token_name:manufacturer_id:serial_number:key_label

           All but the key label are optional and can be empty.  For  example,
           to specify a token object with only its key label MylofiKey, use:

             -T :::MylofiKey



       wrapped_key_file

           Path  to  file containing a symmetric encryption key wrapped by the
           RSA private key specified by -T.
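
       Added example, not part of the original man page: a POSIX shell
       pre-flight check to run before lofiadm -c ... -k, confirming that a raw
       key file has the length the AES algorithm name implies and is readable
       only by its owner. It assumes the file holds exactly key-size/8 bytes
       of key material; the function names and the owner-only policy are this
       example's own, and des3-cbc and blowfish-cbc are left out because the
       page gives no key size for them.

```shell
#!/bin/sh
# Added example: pre-flight check for a raw key file before
#   lofiadm -c <crypto_algorithm> -k <raw_key_file> -a <file>
# Assumption: the file holds exactly key_bits/8 bytes of raw key material.

# Print the key length in bytes implied by an AES algorithm name.
# des3-cbc and blowfish-cbc are not covered (no size stated on the page).
lofi_key_bytes() {
    case "$1" in
        aes-128-cbc) echo 16 ;;
        aes-192-cbc) echo 24 ;;
        aes-256-cbc) echo 32 ;;
        *) return 1 ;;
    esac
}

# check_raw_key ALGORITHM KEYFILE
# Prints a verdict and returns 0 only if the key file is usable as-is.
#   2 = algorithm not covered    3 = missing, symlink or not a regular file
#   4 = wrong length             5 = accessible by group or other
check_raw_key() {
    alg=$1
    keyfile=$2
    want=$(lofi_key_bytes "$alg") || { echo "unsupported: $alg"; return 2; }

    if [ -h "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "not a regular file: $keyfile"
        return 3
    fi

    # The key size must match the algorithm given to -c.
    have=$(wc -c < "$keyfile" | tr -d ' ')
    if [ "$have" -ne "$want" ]; then
        echo "length mismatch: $alg needs $want bytes, file has $have"
        return 4
    fi

    # First 10 characters of ls output, e.g. -rw-------.
    # Characters 5-10 are the group and other permission bits.
    mode=$(ls -ln "$keyfile" | cut -c1-10)
    case "$mode" in
        ????------) ;;
        *) echo "too permissive: $mode (expected owner-only)"; return 5 ;;
    esac

    echo "ok: $want-byte key for $alg"
}

# Stand-alone use: sh check_key.sh aes-256-cbc /path/to/raw_key_file
if [ "$#" -eq 2 ]; then
    check_raw_key "$1" "$2"
fi
```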


EXAMPLES
       Example 1 Mounting an Existing CD-ROM Image



       You should ensure that Solaris understands the  image  before  creating
       the CD. lofi allows you to mount the image and see if it works.



       This  example  mounts  an existing CD-ROM image (sparc.iso), of the Red
       Hat 6.0 CD which was downloaded from the Internet. It was created  with
       the mkisofs utility from the Internet.



       Use lofiadm to attach a block device to it:




         # lofiadm -a /home/mike_s/RH6.0/sparc.iso
         /dev/lofi/1




       lofiadm  picks  the  device  and prints the device name to the standard
       output. You can run lofiadm again by issuing the following command:




         # lofiadm
         Block Device     File                           Options
         /dev/lofi/1      /home/mike_s/RH6.0/sparc.iso   -




       Or, you can give it one name and ask for the other, by issuing the fol‐
       lowing command:




         # lofiadm /dev/lofi/1
         /home/mike_s/RH6.0/sparc.iso




       Use the mount command to mount the image:


         # mount -F hsfs -o ro /dev/lofi/1 /mnt




       Check to ensure that Solaris understands the image:


         # df -k /mnt
         Filesystem            kbytes    used   avail capacity  Mounted on
         /dev/lofi/1           512418  512418       0   100%    /mnt
         # ls /mnt
         ./            RedHat/       doc/          ls-lR         rr_moved/
         ../           TRANS.TBL     dosutils/     ls-lR.gz      sbin@
         .buildlog     bin@          etc@          misc/         tmp/
         COPYING       boot/         images/       mnt/          usr@
         README        boot.cat*     kernels/      modules/
         RPM-PGP-KEY   dev@          lib@          proc/




       Solaris  can  mount the CD-ROM image, and understand the filenames. The
       image was created properly, and you can now create the CD-ROM with con‐
       fidence.



       As a final step, unmount and detach the images:


         # umount /mnt
         # lofiadm -d /dev/lofi/1
         # lofiadm
         Block Device             File             Options




       Example 2 Making a UFS Filesystem on a File



       Making a UFS filesystem on a file can be useful, particularly if a test
       suite requires a scratch filesystem. It can be painful (or annoying) to
       have to repartition a disk just for the test suite, but you do not have
       to. You can newfs a file with lofi.



       Create the file:


         # mkfile 35m /export/home/test




       Attach it to a block device. You also get  the  character  device  that
       newfs requires, so newfs that:


         # lofiadm -a /export/home/test
         /dev/lofi/1
         # newfs /dev/rlofi/1
         newfs: construct a new file system /dev/rlofi/1: (y/n)? y
         /dev/rlofi/1:   71638 sectors in 119 cylinders of 1 tracks, 602 sectors
                 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
         super-block backups (for fsck -F ufs -o b=#) at:
          32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,






       Note  that  ufs might not be able to use the entire file. Mount and use
       the filesystem:


         # mount /dev/lofi/1 /mnt
         # df -k /mnt
         Filesystem            kbytes    used   avail capacity  Mounted on
         /dev/lofi/1            33455       9   30101     1%    /mnt
         # ls /mnt
         ./           ../          lost+found/
         # umount /mnt
         # lofiadm -d /dev/lofi/1


       Example 3 Creating a PC (FAT) File System on a UNIX File



       The following series of commands creates a FAT file system  on  a  UNIX
       file. The file is associated with a block device created by lofiadm.


         # mkfile 10M /export/test/testfs
         # lofiadm -a /export/test/testfs
         /dev/lofi/1
         Note use of rlofi, not lofi, in following command.
         # mkfs -F pcfs -o nofdisk,size=20480 /dev/rlofi/1
         Construct a new FAT file system on /dev/rlofi/1: (y/n)? y
         # mount -F pcfs /dev/lofi/1 /mnt
         # cd /mnt
         # df -k .
         Filesystem            kbytes    used   avail capacity  Mounted on
         /dev/lofi/1            10142       0   10142     0%    /mnt


       Example 4 Compressing an Existing CD-ROM Image



       The  following example illustrates compressing an existing CD-ROM image
       (solaris.iso), verifying that the image is compressed, and then  uncom‐
       pressing it.


         # lofiadm -C gzip /export/home/solaris.iso




       Use lofiadm to attach a block device to it:


         # lofiadm -a /export/home/solaris.iso
           /dev/lofi/1




       Check if the mapped image is compressed:


         # lofiadm
         Block Device      File                            Options
         /dev/lofi/1       /export/home/solaris.iso        Compressed(gzip)
         /dev/lofi/2       /export/home/regular.iso        -






       Unmap the compressed image and uncompress it:


         # lofiadm -d /dev/lofi/1
         # lofiadm -U /export/home/solaris.iso


       Example 5 Creating an Encrypted UFS File System on a File



       This  example is similar to the example of making a UFS filesystem on a
       file, above.



       Create the file:


         # mkfile 35m /export/home/secrets




       Attach the file to a block device and specify that the  file  image  is
       encrypted.  As  a  result  of  this  command,  you obtain the character
       device, which is subsequently used by newfs:


         # lofiadm -c aes-256-cbc -a /export/home/secrets
         Enter passphrase: My-M0th3r;l0v3s_m3+4lw4ys!           (not echoed)
         Re-enter passphrase: My-M0th3r;l0v3s_m3+4lw4ys!        (not echoed)
         /dev/lofi/1

         # newfs /dev/rlofi/1
         newfs: construct a new file system /dev/rlofi/1: (y/n)? y
         /dev/rlofi/1:   71638 sectors in 119 cylinders of 1 tracks, 602 sectors
                35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
         super-block backups (for fsck -F ufs -o b=#) at:
         32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,




       The mapped file system shows that encryption is enabled:


         # lofiadm
         Block Device    File                     Options
         /dev/lofi/1     /export/home/secrets     Encrypted




       Mount and use the filesystem:


         # mount /dev/lofi/1 /mnt
         # cp moms_secret_*_recipe /mnt
         # ls /mnt
         ./           moms_secret_cookie_recipe    moms_secret_soup_recipe
         ../          moms_secret_fudge_recipe     moms_secret_stuffing_recipe
         lost+found/  moms_secret_meatloaf_recipe  moms_secret_waffle_recipe
         # umount /mnt
         # lofiadm -d /dev/lofi/1




       Subsequent attempts to map the filesystem with the  wrong  key  or  the
       wrong encryption algorithm will fail:


         # lofiadm -c blowfish-cbc -a /export/home/secrets
         Enter passphrase: mommy                                (not echoed)
         Re-enter passphrase: mommy                             (not echoed)
         lofiadm: could not map file /root/lofi: Invalid argument
         # lofiadm
         Block Device    File                    Options
         #




       Attempts to map the filesystem without encryption will succeed; however,
       attempts to mount and use the filesystem will fail:


         # lofiadm -a /export/home/secrets
         /dev/lofi/1
         # lofiadm
         Block Device    File                     Options
         /dev/lofi/1     /export/home/secrets     -
         # mount /dev/lofi/1 /mnt
         mount: /dev/lofi/1 is not this fstype
         #


       Example 6 Manipulating a Removable Loopback Device



       The following example illustrates how  to  create  an  empty  removable
       loopback device, associate a file with it, and then dissociate the file
       from the device.



       Use lofiadm to create an empty removable loopback device:


         # lofiadm -r
         /dev/lofi/1




       Verify that the device has been created:


         # lofiadm
         Block Device      File                       Options
         /dev/lofi/1       -                          Removable,Readonly






       Use lofiadm to associate a file with the device:


         # lofiadm -r /export/home/solaris.iso /dev/lofi/1
         /dev/lofi/1




       Verify that the association has succeeded:


         # lofiadm
         Block Device      File                            Options
         /dev/lofi/1       /export/home/solaris.iso        Removable,Readonly




       Use eject to dissociate the file from the device:


         # eject /dev/lofi/1




       Verify that the dissociation succeeded:


         # lofiadm
         Block Device      File                            Options
         /dev/lofi/1       -                               Removable,Readonly


       Example 7 Using a Labeled Loopback Device



       The following example illustrates how to  create  a  labeled,  writable
       loopback device.



       Use lofiadm to create a labeled loopback device:


         # lofiadm -la /export/home/disk_image
         /dev/dsk/c0d1p0




       Verify that the association has succeeded:


         # lofiadm
         Block Device      File                            Options
         /dev/dsk/c0d1p0   /export/home/disk_image         Labeled


       Example 8 Creating a lofi Device With Given User and Group



       The  following  example  illustrates  how  to create a lofi device with
       given user and group. Use lofiadm to create a loopback device on a file
       owned by admin:staff.


         # lofiadm -u admin:staff -a /export/home/disk_image




       Use  lofiadm  to  create  a  labeled loopback device on a file owned by
       admin:staff.


         # lofiadm -u admin:staff -la /export/home/disk_image


ENVIRONMENT VARIABLES
       See environ(7) for descriptions of the following environment  variables
       that  affect  the  execution  of  lofiadm:  LC_CTYPE,  LC_MESSAGES  and
       NLSPATH.

EXIT STATUS
       The following exit values are returned:

       0

           Successful completion.


       >0

           An error occurred.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE      ATTRIBUTE VALUE
       ------------------------------------
       Availability        system/core-os


SEE ALSO
       eject(1),  lofi(4D),  lofs(4FS),  attributes(7),  resource-controls(7),
       fsck(8), mount(8), mount_ufs(8), newfs(8), zonecfg(8)

NOTES
       Just as you would not directly access a disk device  that  has  mounted
       file  systems,  you  should  not  access a file associated with a block
       device except through the lofi file driver. It might also be  appropri‐
       ate to ensure that the file has appropriate permissions to prevent such
       access.


       The abilities of lofiadm, and who can use them, are controlled  by  the
       permissions  of /dev/lofictl. Read-access allows query operations, such
       as listing all the associations. Write-access is  required  to  do  any
       state-changing  operations,  like  adding  an  association. As shipped,
       /dev/lofictl is owned by root, in group sys,  and  mode  0644,  so  all
       users  can  do  query operations but only root can change anything. The
       administrator can give users write-access,  allowing  them  to  add  or
       delete associations, but that is very likely a security hole and should
       probably only be given to a trusted group.
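
       Added example, not part of the original man page: a POSIX shell
       function that reads one line of ls -lL /dev/lofictl output and reports
       who can query and who can change lofi state under the permission model
       described above. The sample lines, the device numbers in them and the
       group name lofiops are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify /dev/lofictl permissions.
# Read access  = query operations (listing associations).
# Write access = state-changing operations (adding or deleting associations).

# lofictl_exposure "LS_LINE"
# LS_LINE is one line of `ls -lL /dev/lofictl` output
# (-L so the mode of the device node is shown if /dev/lofictl is a link).
# Returns 0 = only the owner can change state,
#         1 = the owning group can as well,
#         2 = every user can.
lofictl_exposure() {
    # Fields of an ls -l line: mode, link count, owner, group, remainder.
    read -r mode _links owner group _rest <<EOF
$1
EOF
    # Mode string layout: type, owner rwx (2-4), group rwx (5-7), other rwx (8-10).
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_r=$(printf '%s' "$mode" | cut -c8)
    other_w=$(printf '%s' "$mode" | cut -c9)

    if [ "$other_r" = r ]; then
        query="all users"
    else
        query="restricted"
    fi

    if [ "$other_w" = w ]; then
        echo "change=all users query=$query"
        return 2
    elif [ "$group_w" = w ]; then
        echo "change=$owner+group:$group query=$query"
        return 1
    fi
    echo "change=$owner only query=$query"
}

# Constructed sample lines (not captured from a real system).
SHIPPED='crw-r--r--   1 root     sys      176,  0 May 11  2021 /dev/lofictl'
DELEGATED='crw-rw-r--   1 root     lofiops  176,  0 May 11  2021 /dev/lofictl'
OPEN='crw-rw-rw-   1 root     sys      176,  0 May 11  2021 /dev/lofictl'

for line in "$SHIPPED" "$DELEGATED" "$OPEN"; do
    lofictl_exposure "$line" || true
done
```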


       When mounting a filesystem image, take care to  use  appropriate  mount
       options.  In  particular,  the nosuid mount option might be appropriate
       for UFS images whose origin is unknown. Also, some options might not be
       useful  or appropriate, like logging or forcedirectio for UFS. For com‐
       patibility purposes, a raw device is also exported along with the block
       device. For example, newfs(8) requires one.


       The  output  of  lofiadm  (without  arguments)  might  change in future
       releases.



Oracle Solaris 11.4               11 May 2021                       lofiadm(8)
Copyright of the man page content belongs to the man page's author.