Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Utilities for CTE Management

fsfreeze and xfs_freeze

search

Please Note:

printsuggest an editpdf paneldownload

fsfreeze and xfs_freeze

Users can freeze, snapshot, and unfreeze a file system with an SecFS GuardPoint using fsfreeze|xfs_freeze for both XFS and EXT3/4.

SecFS supports freezing with fsfreeze|xfs_freeze or by any other program issuing the same type of requests. Freezing SecFS results in freezing the underlying file system, as well as the primary file system.

copy link to clipboardRestrictions

There are restrictions for using fsfreeze|xfs_freeze support with CTE.

copy link to clipboardPlatform Restrictions

The following platform restrictions occur with CTE and fsfreeze|xfs_freeze:

  • CTE supports the fsfreeze|xfs_freeze utility for freezing SECFS GuardPoints on all Linux distributions for kernels >=3.0 for Redhat, SLES, and Ubuntu platforms on EXT3/EXT4/XFS file systems. (Earlier Kernels do not contain the proper freeze_super VFS code).

copy link to clipboardTarget Restrictions

The expected target of the fsfreeze|xfs_freeze command is the path of the GuardPoint.

For example, if /dev/sdb is mounted as ext4 on /data and CTE contains the GuardPoint: /data/protected, then the target of fsfreeze must be /data/protected, not /data.

Valid: 

fsfreeze -f /data/protected

Not valid:

fsfreeze -f /data

copy link to clipboardFile System Restrictions

The following file system restrictions occur with CTE and fsfreeze|xfs_freeze:

  • If multiple GuardPoints exist on the same file system, you only need to freeze one.

    For example, if /dev/sdb is mounted as ext4 on /data and the CTE GuardPoints are /data/protected1 and /data/protected2, then issuing:

    fsfreeze -f /data/protected1

    freezes /data/protected1, /data/protected2 and the underlying ext4 file system.

Caution

Do not unguard a GuardPoint, or restart the CTE Agent, while the file system is frozen. The only action permitted on a frozen file system is taking a snapshot or backing up.

  • If you try to freeze /data/protected2 after freezing /data/protected1, it returns as busy

  • If you are not permitted to freeze one GuardPoint, then you cannot freeze any GuardPoints

copy link to clipboardLDT Restrictions

  • You cannot freeze a file system while it is undergoing an LDT rekey operation. If it detects a rekey, the freeze returns as busy

  • You cannot start an LDT rekey on a frozen file system

copy link to clipboardOffline Data Transformation Restrictions

Do NOT use fsfreeze|xfs_freeze while an offline transform policy is in effect.

On this page