Description of problem: Attempting to format a luks file-based container on a loopback device fails Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. dd if=/dev/urandom of=./vol00 bs=1M count=50 2. losetup -f ./vol00 3. cryptsetup --verbose --verify-passphrase luksFormat /dev/loop0 Actual results: $ cryptsetup --verbose --verify-passphrase luksFormat /dev/loop0 WARNING! ======== This will overwrite data on /dev/loop0 irrevocably. Are you sure? (Type uppercase yes): YES Enter passphrase: Verify passphrase: Cannot initialize device-mapper, running as non-root user. Command failed with code 5: Cannot initialize device-mapper, running as non-root user. Expected results: Expected cryptsetup luksFormat to succeed, and allow a subsequent call to luksOpen. Additional info: I also had to tweak some permissions to get the loopback devices to load, as shown in Bug #1019440 and #1045432.
I attempted to change some permissions in /dev/mapper/ to chgrp from root to disk, as well as chmod g+rwx. Kernel is, Linux zorg 3.14.3-200.fc20.x86_64 #1 SMP Tue May 6 19:00:18 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Unfortunately, kernel device-mapper (including dm-crypt) requires root privilege to operate. It is long term issue to allow operation for non-user. But please ask kernel device-mapper developers. Cryptsetup cannot do anything here, both format and activate require dmcrypt device creation, allowing access to block device is not enough.
Aw damn, really. Sorry, I could have sworn I'd done this in the past. I'll go nag the device-mapper guys.