Bug 719091

Summary: ecryptfs won't mount encrypted filesystem
Product: [Fedora] Fedora Reporter: Walter Neumann <neumann>
Component: ecryptfs-utilsAssignee: Michal Hlavinka <mhlavink>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 15CC: esandeen, mhlavink
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: ecryptfs-utils-87-6.fc14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-03 22:53:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
strace of mount command
none
strace with -f of mount command none

Description Walter Neumann 2011-07-05 18:19:49 UTC 
Description of problem: Since upgrade to Fedora 15 "mount -t ecryptfs dir1 dir2" fails to mount the encrypted directory dir1 on dir2


Version-Release number of selected component (if applicable):

ecryptfs-utils-87-3.fc15.i686 on 32 bit machine
ecryptfs-utils-87-3.fc15.x86_64 on 64 bit machine

How reproducible:

Always

Steps to Reproduce:
1. as root run "mount -t ecryptfs dir1 dir2"

2. enter passphrase when requested

3. Passphrase is accepted, but nount fails with error:
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>
  
Actual results:

Passphrase is accepted, but nount fails with error:
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>

dmesg shows:

Mount on filesystem of type eCryptfs explicitly disallowed due to known incompatibilities
Reading sb failed; rc = [-22]

Expected results:

Filesystem should mount OK. (Luckily still works fine under FC13, so I still have my data.)
Additional info:
Comment 1 Eric Sandeen 2011-07-05 18:23:21 UTC 
> Mount on filesystem of type eCryptfs explicitly disallowed due to known
incompatibilities

Are you sure "dir1" isn't already a mounted eCryptfs fs?

This is trying to catch:

# mount -t ecryptfs dir1 dir2
# mount -t ecryptfs dir2 dir3

which is a disaster in the making.

can you do:

# cat /proc/mounts
# mount -t ecryptfs <actual dir names>

and paste it in?
Comment 2 Walter Neumann 2011-07-05 19:15:03 UTC 
I didn't notice mount is actually succeeding, but I consistently get misleading error messages on both machines even though mount succeeds. Here the error messages:

Console (both i686 and x86_64):
 Error mounting eCryptfs: [-5] Input/output error
 Check your system logs; visit <http://launchpad.net/ecryptfs>

/var/log/messages (both i686 and x86_64):
 mount.ecryptfs: Failed to write to the mount table

dmesg (i686):

[149345.089000] Mount on filesystem of type eCryptfs explicitly disallowed due to known incompatibilities
[149345.091908] Reading sb failed; rc = [-22]

dmesg (x86_64):

[1397105.411476] ecryptfs_parse_options: eCryptfs: unrecognized option [key=passphrase]
[1397105.417415] Could not find key with description: [xxxxxxxxxxxxxxxx]
[1397105.417419] process_request_key_err: No key
[1397105.417421] Could not find valid key in user session keyring for sig specified in mount option: [xxxxxxxxxxxxxxxx]
[1397105.417423] One or more global auth toks could not properly register; rc = [-2]
[1397105.417426] Error parsing options; rc = [-2]

So still a bug but not critical
Comment 3 Eric Sandeen 2011-07-05 19:33:15 UTC 
>  mount.ecryptfs: Failed to write to the mount table

probably because /etc/mtab is now a symlink to readonly /proc/mounts.  strace it and see?

> [149345.089000] Mount on filesystem of type eCryptfs explicitly disallowed due
to known incompatibilities

you didn't give me /proc/mounts so I don't know what's going on there yet.

But the only way it should be able to happen is if your "lower" filesystem is already ecryptfs:

        if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
                rc = -EINVAL;
                printk(KERN_ERR "Mount on filesystem of type "
                        "eCryptfs explicitly disallowed due to "
                        "known incompatibilities\n");
                goto out_free;
        }

> ecryptfs_parse_options: eCryptfs: unrecognized option
[key=passphrase]

is that edited, or did you literally do "mount -t ecryptfs -o key=passphrase" ?
Comment 4 Michal Hlavinka 2011-07-08 08:41:15 UTC 
(In reply to comment #3)
> >  mount.ecryptfs: Failed to write to the mount table
> 
> probably because /etc/mtab is now a symlink to readonly /proc/mounts.  strace
> it and see?

it should be fixed since ecryptfs-utils-87-3.fc15 but checking it with strace won't do any harm ;)

Anyway, as Eric said, we need content of /proc/mount and complete mount command you are using
Comment 5 Walter Neumann 2011-07-08 12:23:47 UTC 
Created attachment 511928 [details]
strace of mount command
Comment 6 Walter Neumann 2011-07-08 12:26:45 UTC 
After rebooting the error messages have calmed a lot. I still get the misleading

 Error mounting eCryptfs: [-5] Input/output error
 Check your system logs; visit <http://launchpad.net/ecryptfs>

in the terminal and 

 mount.ecryptfs: Failed to write to the mount table

in /var/log/messages

I just sent an strace for the command "sudo mount -t ecryptfs dir1 dir2"
Comment 7 Walter Neumann 2011-07-08 12:38:41 UTC 
Created attachment 511930 [details]
strace with -f of mount command

This strace was done with -f option.
Comment 8 Eric Sandeen 2011-07-08 14:35:19 UTC 
3949  open("/etc/mtab", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
...
3949  write(3, "/home/neumann/work/dir1 /home/neum"..., 195) = -1 EINVAL (Invalid argument)

sooo it's still trying to write /etc/mtab
Comment 9 Michal Hlavinka 2011-07-11 11:21:00 UTC 
(In reply to comment #8)
> 3949  open("/etc/mtab", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
> ...
> 3949  write(3, "/home/neumann/work/dir1 /home/neum"..., 195) = -1 EINVAL
> (Invalid argument)
> 
> sooo it's still trying to write /etc/mtab

right, seems that the patch I got does not fix all occurrences. Just a sec...
Comment 10 Fedora Update System 2011-07-11 12:45:25 UTC 
ecryptfs-utils-87-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-5.fc15
Comment 11 Walter Neumann 2011-07-12 00:47:53 UTC 
This fixes it for me. Thanks
Comment 12 Michal Hlavinka 2011-07-12 08:36:32 UTC 
Please do not change bug status, only bug assignee/bugzapper/bot should do this. Adding comment is enough. You can close bug notabug if you report it and find out that it's not a bug before bug gets any attention. In other case just add comment. Thanks
Comment 13 Fedora Update System 2011-07-19 14:42:50 UTC 
ecryptfs-utils-87-5.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-5.fc14
Comment 14 Fedora Update System 2011-07-19 14:43:03 UTC 
ecryptfs-utils-87-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-6.fc15
Comment 15 Fedora Update System 2011-07-23 01:59:36 UTC 
Package ecryptfs-utils-87-7.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ecryptfs-utils-87-7.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-7.fc15
then log in and leave karma (feedback).
Comment 16 Fedora Update System 2011-08-03 22:52:59 UTC 
ecryptfs-utils-87-7.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2011-08-03 22:53:22 UTC 
ecryptfs-utils-87-6.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.