Bug 1429090

Summary: ecryptfs-simple does not work without proper root environment (su -l)
Product: [Fedora] Fedora Reporter: Raphael Groner <projects.rg>
Component: zulucryptAssignee: Raphael Groner <projects.rg>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: rawhideCC: projects.rg
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: zulucrypt-5.2.0-1.fc25 zulucrypt-5.2.0-1.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-31 00:20:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1467892    
Bug Blocks: 1428202    

Description Raphael Groner 2017-03-04 08:59:15 UTC 
Description of problem:
ecryptfs-simple does not seem to work as expected on my system when it does not have suid bit set.
…
ecryptfs uses kernel keyring[2] and why does things work with su - and not with anything else remains a mystery to me and my guess is that the keyring works only with a full logged in user and not with a pretending one as created with su,pkexec or. with sudo.
[1] http://man7.org/linux/man-pages/man7/keyrings.7.html

Version-Release number of selected component (if applicable):
ecryptfs-simple-2016.11.16.1-3.fc25

How reproducible:
maybe

Steps to Reproduce:
1. start sirikali, see bug #1428202
2. try to create an ecryptfs container
3.

Actual results:
mounting of ecryptfs volume fails.

Expected results:
ecryptfs volume created successfully.

Additional info:
Upstream provides a patch
https://github.com/mhogomchungu/ecryptfs-simple/issues/2#issuecomment-283991385
Comment 1 Raphael Groner 2017-06-02 09:43:39 UTC 
The mentioned patch needs to get applied in zulucrypt.
Comment 2 Fedora Update System 2017-07-20 07:57:36 UTC 
zulucrypt-5.2.0-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d0a1c53411
Comment 3 Fedora Update System 2017-07-20 22:51:15 UTC 
zulucrypt-5.2.0-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d8527a7809
Comment 4 Fedora Update System 2017-07-21 01:22:48 UTC 
zulucrypt-5.2.0-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d0a1c53411
Comment 5 Fedora Update System 2017-07-31 00:20:41 UTC 
zulucrypt-5.2.0-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2017-07-31 06:24:04 UTC 
zulucrypt-5.2.0-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.