Bug 460496
| Summary: | ecryptfs complains about a missing module, fails and then loads it | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Michal Nowak <mnowak> | ||||||
| Component: | ecryptfs-utils | Assignee: | Michal Hlavinka <mhlavink> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 5.3 | CC: | dustin.kirkland, esandeen, ohudlick, rvokal | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2009-09-02 09:56:37 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Michal Nowak
2008-08-28 11:36:11 UTC
this needs to be 'openssl_passwd_file=passfile.txt' man says:
"""
passphrase_passwd_file=(filename)
The password should be specified in a file with passwd=(passphrase). It is highly reccomended that the file be stored on a secure medium such as a
personal usb key.
"""
Please fix the man page.
BUT still with openssl_passphrase_passwd_file
---------------------------------------------
newman@dhcp-lab-198 /tmp $ sudo modprobe -r ecryptfs
newman@dhcp-lab-198 /tmp $ lsmod | grep ecr
newman@dhcp-lab-198 /tmp $ sudo /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passphrase_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which
kernel options are supported.
Make sure that your system is set up to auto-load
your filesystem kernel module on mount.
Enabling passphrase-mode only for now.
Attempting to mount with the following options:
ecryptfs_key_bytes=16
ecryptfs_cipher=aes
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.
HERE
----
>>>> newman@dhcp-lab-198 /tmp $ lsmod | grep ecr
>>>> ecryptfs 79693 0
newman@dhcp-lab-198 /tmp $ sudo /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passphrase_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
Method of providing the passphrase:
1) openssl_passwd: Enter on Console
2) openssl_passwd_file: File Containing Passphrase
3) openssl_passwd_fd: File Descriptor for File Containing Passphrase
Selection [openssl_passwd]:
It
1) fails,
2) loads the kernel module (*because which it failed*),
3) ends,
4) another run of the same mount command is OK (at first glance).
please use openssl_passwd_file instead of openssl_passphrase_passwd_file and you shouldn't get this menu at all. openssl_passphrase_passwd_file is an unknown parameter to mount.ecryptfs and ignored (or handled over to mount). But even with your commandline 1) works 2) works, but the input is hidden 3) continues, but I haven't found a way yet how to use this as pipes don't seem to work. I'm running a Fedora 2.6.27 kernel here, what's the output of uname -a on your system ? Does the directory 'secret' in your working directory exist ? dhcp-lab-198 kernel-oops # ll total 64K drwxr-xr-x 2 newman newman 4.0K Aug 28 10:31 CVS -rwxr-xr-x 1 newman newman 2.0K Aug 28 10:57 kernel-oops.sh -rw-r--r-- 1 newman newman 1.7K Feb 28 2008 Makefile -rw-r--r-- 1 newman newman 986 Feb 27 2008 mykey.pem -rw-r--r-- 1 newman newman 14 Aug 28 12:18 passfile.txt -rw-r--r-- 1 newman newman 197 Feb 28 2008 PURPOSE -rwxr-xr-x 1 newman newman 1.6K Mar 10 12:52 runtest.sh drwxr-xr-x 2 root root 4.0K Aug 28 10:39 secret dhcp-lab-198 kernel-oops # lsmod | grep ecr dhcp-lab-198 kernel-oops # /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 Unable to get the version number of the kernel module. Please make sure that you have the eCryptfs kernel module loaded, you have sysfs mounted, and the sysfs mount point is in /etc/mtab. This is necessary so that the mount helper knows which kernel options are supported. Make sure that your system is set up to auto-load your filesystem kernel module on mount. Enabling passphrase-mode only for now. Attempting to mount with the following options: ecryptfs_key_bytes=16 ecryptfs_cipher=aes Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>. dhcp-lab-198 kernel-oops # lsmod | grep ecr ecryptfs 79693 0 dhcp-lab-198 kernel-oops # /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 Attempting to mount with the following options: Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>. dhcp-lab-198 kernel-oops # dmesg | tail ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README Error parsing options; rc = [-22] dhcp-lab-198 kernel-oops # uname -a Linux dhcp-lab-198.englab.brq.redhat.com 2.6.18-92.1.9.el5 #1 SMP Wed Jul 16 07:35:57 EDT 2008 i686 i686 i386 GNU/Linux dhcp-lab-198 kernel-oops # file /root/.ecryptfs/pki/openssl/mykey.pem /root/.ecryptfs/pki/openssl/mykey.pem: ASCII text I guess it does not mount because of the old kernel (I'll install one when is some available). But still: """ Unable to get the version number of the kernel module. Please make sure that you have the eCryptfs kernel module loaded, you have sysfs mounted, and the sysfs mount point is in /etc/mtab. This is necessary so that the mount helper knows which kernel options are supported. """ because of not loaded kernel module -> then it loads it -> when issuing the same mount command it fails in expected way (old kernel). I dunno whether is it still parsing problem or kernel (the error msgs are so confusing and meaning less to me...). Created attachment 330453 [details]
against v. 69 - try to load module on get version failure
Committed against upstream git, 850444b. Thanks for the patch, Michal. :-Dustin Created attachment 330649 [details]
move the change to better place
Maybe it's good idea to add "2>/dev/null" to the modprobe system call, to suppress something like "FATAL: Error inserting ecryptfs (/lib/modules/2.6.27.12-170.2.5.fc10.x86_64/kernel/fs/ecryptfs/ecryptfs.ko): Operation not permitted"
previous patch fixed only one place, this brings the change to all other places calling ecryptfs_get_version
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1307.html |