Bug 718309

Summary: pam_mount (mount.crypt) does not remove encrypted device mapper files
Product: [Fedora] Fedora Reporter: Adalbert Prokop <adalbert.prokop>
Component: pam_mountAssignee: Till Maas <opensource>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 15CC: isaacson, jisakiel, opensource, redhat-bugzilla, steve
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-10 21:00:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 648173    
Bug Blocks:    

Description Adalbert Prokop 2011-07-01 18:58:49 UTC 
Description of problem:
pam_mount module does not remove the encrypted device mapper files /dev/dm-X (linked in /dev/mapper/...) after logout.
Even easier to verify: "mount -t crypt" followed by "unmount" does not remove them.

Version-Release number of selected component (if applicable):
pam_mount-2.5-2.fc15.i386

Steps to Reproduce:
1. Create a LUKS encrypted partition (e.g. /dev/sda2)
2. mount -t crypt /dev/sda2 /mnt/test
3. umount /mnt/test

Actual results:
Device mapper file linked from /dev/mapper/_dev_sda2 is still present after umount.

Expected results:
Device mapper file should be removed.

Additional info:
I've reported this incident to upstream Jan Engelhardt which was "resolved" by a terse "Works for me" and a reference to the current pam_mount version 2.10

I've compiled 2.10 for my system, but the problem stays the same: the device mapper file will not be removed. However, it shows the following warning:

"BIG FAT WARNING: This version of mount.crypt does not support unmounting crypto volumes through umount(8) on systems with read-only mtab yet."

/etc/mtab -...-> /proc/self/mtab is read only.

This problem is possibly related to bug 683187 and/or 612179.
Comment 1 Ron Isaacson 2011-07-24 19:46:51 UTC 
I also built 2.10 on FC15 (using Till's spec file, thanks) and am seeing inconsistent behavior. Sometimes the device mapper file is removed right away, sometimes after a short amount of time, and sometimes not at all. I've got an ugly workaround:

1. Add this to /etc/security/pam_mount.conf.xml:

<cryptumount>/usr/local/sbin/umount.crypt.dmfix %(MNTPT)</cryptumount>

2. Create /usr/local/sbin/umount.crypt.dmfix:

#!/bin/bash

MNTPT=$1
umount.crypt "$MNTPT"

DM=`mount | awk '$3 == "$MNTPT" { print $1 }'`
if [[ $DM != "" && -e $DM ]]; then
  dmsetup remove $DM
fi
Comment 2 Fedora Update System 2012-06-20 19:41:21 UTC 
libHX-3.12.1-1.fc17,hxtools-20120514-1.fc17,pam_mount-2.13-1.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libHX-3.12.1-1.fc17,hxtools-20120514-1.fc17,pam_mount-2.13-1.fc17
Comment 3 Fedora Update System 2012-06-22 08:30:26 UTC 
Package libHX-3.12.1-1.fc17, hxtools-20120514-1.fc17, pam_mount-2.13-1.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libHX-3.12.1-1.fc17 hxtools-20120514-1.fc17 pam_mount-2.13-1.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-9767/libHX-3.12.1-1.fc17,hxtools-20120514-1.fc17,pam_mount-2.13-1.fc17
then log in and leave karma (feedback).
Comment 4 Fedora Update System 2012-07-10 21:00:36 UTC 
libHX-3.12.1-1.fc17, hxtools-20120514-1.fc17, pam_mount-2.13-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.