@@ -140,14 +140,19 @@ def create_encrypted_filesystem(device_file, key_file=None, context=None):
140140 context .execute (* format_command , sudo = True , tty = (key_file is None ))
141141
142142
143- def unlock_filesystem (device_file , target , key_file = None , context = None ):
143+ def unlock_filesystem (device_file , target , key_file = None , options = None , context = None ):
144144 """
145145 Unlock an encrypted LUKS filesystem.
146146
147147 :param device_file: The pathname of the block special device or file (a string).
148148 :param target: The mapped device name (a string).
149149 :param key_file: The pathname of the key file used to encrypt the
150150 filesystem (a string or :data:`None`).
151+ :param options: An iterable of strings with encryption options
152+ or :data:`None` (in which case the default
153+ encryption options are used). Currently 'discard' and
154+ 'readonly' are the only supported options (other options
155+ are silently ignored).
151156 :param context: An execution context created by :mod:`executor.contexts`
152157 (coerced using :func:`.coerce_context()`).
153158 :raises: :exc:`~executor.ExternalCommandFailed` when the command fails.
@@ -157,6 +162,11 @@ def unlock_filesystem(device_file, target, key_file=None, context=None):
157162 context = coerce_context (context )
158163 logger .debug ("Unlocking filesystem %s .." , device_file )
159164 open_command = ['cryptsetup' ]
165+ if options :
166+ if 'discard' in options :
167+ open_command .append ('--allow-discards' )
168+ if 'readonly' in options :
169+ open_command .append ('--readonly' )
160170 if key_file :
161171 open_command .append ('--key-file=%s' % key_file )
162172 open_command .extend (['luksOpen' , device_file , target ])
@@ -205,6 +215,7 @@ def cryptdisks_start(target, context=None):
205215 unlock_filesystem (context = context ,
206216 device_file = entry .source_device ,
207217 key_file = entry .key_file ,
218+ options = entry .options ,
208219 target = entry .target )
209220 break
210221 else :
0 commit comments