Bug 1159987

Summary: Systemd prevents to mount an encrypted home directory
Product: [Fedora] Fedora Reporter: Pierre Juhen <pierre.juhen>
Component: systemdAssignee: systemd-maint
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 20CC: gordon+rhbugs, johannbg, jsynacek, lnykryn, msekleta, pierre.juhen, s, systemd-maint, vpavlin, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-11-14 04:56:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pierre Juhen 2014-11-03 19:28:18 UTC 
Description of problem:
Systemd prevents to mount an encrypted home directory

Version-Release number of selected component (if applicable):
208-25

How reproducible:
Systematic

Steps to Reproduce:
1.Appends on first reboot after upgrade to version 208-25


Actual results:
System refuses to mount home directory. The luks filesystem is correctly opened by pam_mount and accessible under /dev/mapper

The filesystem can be mounted elsewhere (/mnt/something/), but not under /home.

Downgrade to 208-9 solved the issue.

Additional info: Log
Nov  3 06:55:17 pierre kernel: [  434.377555] EXT4-fs (dm-15): mounted filesystem with ordered data mode. Opts: (null)
Nov  3 06:55:17 pierre kernel: EXT4-fs (dm-15): mounted filesystem with ordered data mode. Opts: (null)
Nov  3 06:55:17 pierre kernel: [  434.398181] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.400010] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.401004] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.402717] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.404482] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.405046] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.406861] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: [  434.406936] Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:17 pierre kernel: Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).  Use CAP_NET_ADMIN and alias netdev- instead.
Nov  3 06:55:27 pierre dbus-daemon: dbus[967]: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service'
Nov  3 06:55:27 pierre dbus[967]: [system] Activating via systemd: service name='org.freedesktop.PackageKit' unit='packagekit.service'
Nov  3 06:55:27 pierre systemd: Starting PackageKit Daemon...
Nov  3 06:55:27 pierre dbus-daemon: dbus[967]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Nov  3 06:55:27 pierre dbus[967]: [system] Successfully activated service 'org.freedesktop.PackageKit'
Nov  3 06:55:27 pierre systemd: Started PackageKit Daemon.
Nov  3 06:55:30 pierre PackageKit: get-updates transaction /18065_cecdcbdd from uid 0 finished with success after 3015ms
Nov  3 06:57:42 pierre chronyd[961]: Selected source 37.187.56.220
Nov  3 06:58:30 pierre systemd: Unit home-pierre.mount is bound to inactive service. Stopping, too.
Nov  3 06:58:30 pierre systemd: Unmounting /home/pierre...
Nov  3 06:58:30 pierre systemd: Unmounted /home/pierre.
Comment 1 Pierre Juhen 2014-11-05 21:47:25 UTC 
This bug is NOT corrected by 208-26 !!!

Relevant log messages is :

Unit home-pierre.mount is bound to inactive service. Stopping, too.
Comment 2 Jan Synacek 2014-11-10 13:06:21 UTC 
I have a LUKS-encrypted home and it always mounts correctly on boot. Please, provide output of "journalctl -b" when the mount fails, your /etc/fstab and /etc/crypttab (minus any sensitive info that might be there, of course).
Comment 3 GordonL 2014-11-11 02:07:25 UTC 
I just did a "yum update" and rebooted my F20 laptop and encountered what sounds like the same problem.  I would attempt a manual mount of my encrypted partition ("mount /dev/mapper/hax-crypt /crypt") and it would be immediately unmounted per these messages in /var/log/messages:

Nov 10 17:37:25 hax kernel: [   67.075132] EXT4-fs (dm-4): mounted filesystem with ordered data mode. Opts: (null)
Nov 10 17:37:25 hax kernel: EXT4-fs (dm-4): mounted filesystem with ordered data mode. Opts: (null)
Nov 10 17:37:25 hax systemd: Unit crypt.mount is bound to inactive service. Stopping, too.
Nov 10 17:37:25 hax systemd: Unmounting /crypt...
Nov 10 17:37:25 hax systemd: Unmounted /crypt.

If I made a directory named /crypt2 and mount to there instead, all worked fine.  I checked /etc/fstab and I had this entry:

/dev/mapper/luks-05da92de-5fc1-495a-8c07-5ea8bf931a55 /crypt                  ext4    defaults,x-systemd.device-timeout=0,noauto 1 2

I don't think this is a new entry since /etc/fstab is dated from last December.  Anyway, I'm commented out that entry and rebooted and things seem to be working fine again, at least for now.  I'm hoping that dropping this entry won't cause any problems.

For completeness, I'll mention that I also had this corresponding entry in /etc/crypttab (but I didn't change it):

luks-05da92de-5fc1-495a-8c07-5ea8bf931a55 UUID=05da92de-5fc1-495a-8c07-5ea8bf931a55 none noauto
Comment 4 Pierre Juhen 2014-11-14 04:56:27 UTC 
After the comment of Gordon, I did a check of /etc/fstab.

Here is the correspondending entry :

LABEL=home_pierre  /home/pierre    ext4    defaults,noauto,noatime,discard 1 2

I discoverde that the corresponding volume lost its label during maintenance operations, probably a long time ago.

After putting the right label, it works.

So it seems that systemd verifies more thoroughly the consistency of /etc/fstab.

Thank you,

Regards