Bug 739878

Summary: RFE: Boot procedure should allow one to skip mounting an encrypted filesystem
Product: Red Hat Enterprise Linux 6 Reporter: David Tonhofer <bughunt>
Component: initscriptsAssignee: David Kaspar // Dee'Kej <deekej>
Status: CLOSED WONTFIX QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: low    
Version: 6.4CC: deekej, eriley, hartsjc, ovasik, rstrode, rvokal
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-06 10:31:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
potential patch none

Description David Tonhofer 2011-09-20 10:26:45 UTC
Description of problem:

Situation: An encrypted filesystem exists on a machine that is being booted.

           There is no immediate need to obtain the filesystem password
           and/or the filesystem is unavailable at this point in time.

           (Scenario: Maintenance on usually powered-down system to be
            performed by a person that has no "need to decrypt")

Problem:   The boot procedure asks you for the password and does not
           relent (using CTRL-C for example)

           Your options:

           reboot single, then mess around with /etc/fstab and
           possible /etc/crypttab

           or

           During earlier installation, have remembered to add "noauto" to
           /etc/fstab so that the encrypted filesystem is not  mounted by
           default.

Solution:  Allow to skip mounting an encrypted filesystem by accepting
           CTRL-C or similar at the prompt.

(On second thoughts, the "noauto" option would be a good solution if one knew about it)
 
Version-Release number of selected component (if applicable):

initscripts-9.03.23-1.el6.x86_64

Comment 2 Bill Nottingham 2011-09-20 15:52:46 UTC
In future major releases we may have a timeout here. However, the current infrastructure does not support that, and it can't easily be added.

'noauto' is documented in both the fstab and crypttab man page.

The initscripts check should exit after 3 attempts. plymouth code may not, assigning there.

Comment 3 Ray Strode [halfline] 2011-09-20 16:49:05 UTC
plymouth has a --number-of-tries option to the ask-for-password command.  I believe initscripts already does --number-of-tries 3

ctrl-c should cancel any pending password requests immediately

Comment 4 Bill Nottingham 2011-09-20 17:10:12 UTC
initscripts in RHEL 6, at least, does not pass any --number-of-tries.

Comment 5 Ray Strode [halfline] 2011-09-21 15:27:56 UTC
okay, moving back to initscripts.

Comment 7 Bill Nottingham 2011-09-21 19:12:08 UTC
Created attachment 524265 [details]
potential patch

Comment 8 David Tonhofer 2011-09-27 08:53:00 UTC
Hi,

I tried the patch on RH6.1. 

I works insofar as the system gives up on the password query after 3 tries, BUT:

After that, automounting causes problems. The filesystem-supposedly-decrypted is mounted normally through /etc/fstab, which of course fails:

"The superblock could not be read or does not describe a correct ext2 filesystem"

You are then dropped to the maintenance shell.

This happens even if "noauto" has been given in /etc/fstab!

Comment 9 RHEL Program Management 2012-05-03 05:32:29 UTC
Since RHEL 6.3 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 10 RHEL Program Management 2012-07-10 08:36:04 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 11 RHEL Program Management 2012-07-10 23:25:40 UTC
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.

Comment 15 Jan Kurik 2017-12-06 10:31:20 UTC
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/