Bug 454425
Summary: | ecryptfsd cannot start and makes openssl keys useless | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Tluka <jtluka> |
Component: | ecryptfs-utils | Assignee: | Michael Halcrow <mhalcrow> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 9 | CC: | esandeen, karsten, kevin, petrosyan |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-10-24 06:14:51 UTC | Type: | --- |
Bug Blocks: | 454426 |
Description
Jan Tluka
2008-07-08 12:41:56 UTC
The netlink interface for communications between the kernel and the userspace daemon has been buggy from day 1. Buggy in the sense that the kernel may oops if the netlink feature is used at all. Thus, current versions of the kernel have had the netlink interface disabled by default, in favor of the miscellaneous device file, which replaces the netlink interface. Versions of ecryptfs-utils since 44 support this miscellaneous device file interface.

For any version of Fedora shipping versions of the kernel and/or eCryptfs userspace utilities that use the netlink interface, any mode of operation other than passphrase is invalid and should be entirely disabled (for instance, by not installing ecryptfsd and the key module shared object files other than the passphrase module). The netlink interface may have worked by happenstance in prior kernel versions, but, given the numerous problems in subsequent kernel releases, I consider the netlink code to be hopelessly buggy and dangerous to use at this point.

Mike

Mike, so, we should push -44 or later to F9 right. Would you like to do that or shall I?

Thanks,
-Eric

Actually, Jan, ecryptfs-utils-46 is already in F9 updates. Can you get the latest & re-test?

Thanks,
-Eric

Eric, -46 is part of 'updates-testing' not 'updates' repo at the moment. Anyway I have tried that and these are the results.

```
# modprobe ecryptfs
# ecryptfsd -d miscdev
# tail /var/log/messages
Jul 9 15:48:46 proliant02 ecryptfsd: ecryptfs_init_miscdev: Error whilst attempting to open [/dev/ecryptfs] or [/dev/misc/ecryptfs]; errno msg = [No such file or directory]
Jul 9 15:48:46 proliant02 ecryptfsd: main: Failed to initialize messaging; rc = [-5]
Jul 9 15:48:46 proliant02 ecryptfsd: Failed to send eCryptfs miscdev message; errno msg = [Bad file descriptor]
Jul 9 15:48:46 proliant02 ecryptfsd: ecryptfs_send_message: Failed to register miscdev daemon with the eCryptfs kernel module; rc = [-5]
Jul 9 15:48:46 proliant02 ecryptfsd: ecryptfsd_exit: Error attempting to send quit message to kernel; rc = [-5]
Jul 9 15:48:46 proliant02 ecryptfsd: ecryptfsd_exit: Closing eCryptfs userspace netlink daemon [2198]
```

Mike, the misc device you talk about should be created when ecryptfs module is loaded, right? I guess this is not yet included in kernel 2.6.25.6-55.fc9 (tried 2.6.25.9-76.fc9, too).

The problem is that current kernel in Fedora does not have the patch that introduces miscdev interface.

Jan Tluka wrote:
> The problem is that current kernel in Fedora does not have the patch
> that introduces miscdev interface.
Either the miscdev patchset needs to be included in the kernel, or
ecryptfsd (and, hence, any key module other than passphrase) must be an
unavailable feature in the current release. If we go with the latter,
then ecryptfsd and the non-passphrase key modules need to be removed from
the SPEC file so that users do not expect to be able to use that part of
eCryptfs in Fedora 9.
Mike
Sorry Jan, I was confused about which parts were in which versions of which piece. When F9 gets 2.6.26 all should be well, or, we could backport the upstream ecryptfs to the current kernel...

Works in Fedora 9 now.
kernel-2.6.26.5-45.fc9
ecryptfs-utils-46-0.fc9
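
The failure in the log above (ecryptfsd started against a kernel without the miscdev interface) can be caught before the daemon is launched. The following preflight check is an added example, not part of the original thread or of ecryptfs-utils; it assumes the kernel lists the registered misc device as `ecryptfs` in `/proc/misc`, and the `ROOT` prefix argument is a hypothetical convenience so the check can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example: decide whether ecryptfsd can run in miscdev mode.
# Device paths are the two that ecryptfsd reports trying in the log above.
# Assumption: the misc device is registered under the name "ecryptfs".

# miscdev_registered PROC_MISC_FILE
# Returns 0 when a misc device named "ecryptfs" is listed (format: "<minor> <name>").
miscdev_registered() {
    [ -r "$1" ] && awk '$2 == "ecryptfs" { found = 1 } END { exit !found }' "$1"
}

# find_miscdev_node ROOT
# Prints the first of the two device paths that exists as a character device.
# ROOT is a path prefix (hypothetical test aid); pass "" on a real system.
find_miscdev_node() {
    for node in /dev/ecryptfs /dev/misc/ecryptfs; do
        if [ -c "$1$node" ]; then
            printf '%s\n' "$node"
            return 0
        fi
    done
    return 1
}

# ecryptfs_daemon_mode ROOT
# Prints one of:
#   passphrase-only  kernel has no miscdev interface; do not start ecryptfsd
#   missing-node     interface registered, but no device node was created
#   miscdev:<path>   ecryptfsd can open <path>
ecryptfs_daemon_mode() {
    root=$1
    if ! miscdev_registered "$root/proc/misc"; then
        echo "passphrase-only"
    elif node=$(find_miscdev_node "$root"); then
        echo "miscdev:$node"
    else
        echo "missing-node"
    fi
}
```

On a live system, run `ecryptfs_daemon_mode ""` after `modprobe ecryptfs`; a `passphrase-only` result corresponds to the kernels discussed in this bug, where only the passphrase key module is usable.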