Bug 448787
| Summary: | eCryptfs mount on NFS fails | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jarod Wilson <jarod> | ||||
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | |||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 5.3 | CC: | dwalsh, eparis, esandeen, lwang | ||||
| Target Milestone: | rc | Keywords: | Reopened | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-08-01 15:50:21 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 450867 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
Jarod Wilson
2008-05-28 19:56:42 UTC
More complete instructions for reproducer setup:
1) export /data on server
2) mount server:/data to /data on client
3) create directory /data/encrypted
4) # mount -t ecryptfs /data/encrypted /data/encrypted
Select key type to use for newly created files:
1) openssl
2) passphrase
Selection: 2
Passphrase: foofoo
Verify Passphrase: foofoo
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: aes
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]: 2
Attempting to mount with the following options:
ecryptfs_key_bytes=32
ecryptfs_cipher=aes
ecryptfs_sig=92868a6a72b0202e
Error mounting eCryptfs; rc = [-95]; strerr = [Operation not supported].
Check your system logs; visit
<http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.
FWIW, this behavior changed between selinux-policy-2.4.6-104.el5 and selinux-policy-2.4.6-137.el5, if that's relevant ... the older version let us mount ok. Are you getting any messages in /var/log/audit/audit.log? dan, I assume this was the addition of an fs_use rule for ecryptfs I've got a patch I hoped to get to list today which should allow us to drop ecryptfs definition from policy and things will 'just work' But its as of yet untested This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. This is likely going to take a policy change (to not give a fs_use_xattr for ecryptfs) but until we decide how to fix the kernel this is really waiting on me... Created attachment 309746 [details]
Policy patch I used on rawhide to support ecryptfs (no idea if it is right)
(In reply to comment #7) > Created an attachment (id=309746) [edit] > Policy patch I used on rawhide to support ecryptfs (no idea if it is right) This, plus your kernel patch in bug 450867, gets ecryptfs atop NFS doing the right thing for me w/o any need for flags. This is a policy bug which depends on the kernel bug. Sorry dan, it needs to stay open until I can get the bug this one depends on fixed. Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. |