Description of problem: When not providing the password for a LUKS encrypted LVM volume during start-up, the system falls back to an emergency shell. Even though the encrypted volume is not accessible, the unencrypted boot partition can be mounted and accessed which might pave the way to injecting malicious code into the system. Version-Release number of selected component (if applicable): kernel-4.13.1-303.fc27 How reproducible: Always Steps to Reproduce: 1. Boot system. 2. Do not provide any input after password for LUKS encrypted volume has been requested. Actual results: System falls back to emergency shell. Expected results: System keeps waiting indefinitely for user input. Additional info: None
Dropping to a shell is handled by dracut
Version-Release number of selected component (if applicable): dracut-046-2.git20170811.fc27
Fedora 26 is -not- affected by this issue: the unlock panel keeps being displayed for hours without ever seeing a time-out. Relevant packages include - dracut-046-2.git20170811.fc26 - kernel-4.12.13-300.fc26 This observation suggests that dracut is not the correct component.
Can you paste your /etc/crypttab and /etc/fstab? Which systemd version do you have?
1. Contents of /etc/crypttab and of /etc/fstab turn out to be identical for Fedora 26 and Fedora 27. In principle, the should ensure that the system waits indefinitely for user input. :::::::::::::: /etc/crypttab :::::::::::::: luks-ABC UUID=XYZ none :::::::::::::: /etc/fstab :::::::::::::: # # /etc/fstab # Created by anaconda on Tue Sep 19 20:27:36 2017 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # /dev/mapper/noname-root / ext4 defaults,x-systemd.device-timeout=0 1 1 UUID=XYZ /boot ext4 defaults 1 2 /dev/mapper/noname-home /home ext4 defaults,x-systemd.device-timeout=0 1 2 /dev/mapper/noname-var /var ext4 defaults,x-systemd.device-timeout=0 1 2 /dev/mapper/noname-swap swap swap defaults,x-systemd.device-timeout=0 0 0 2. Fedora 27 still features systemd-234-5.fc27 as of 2017-07-31.
Seems to be https://github.com/systemd/systemd/issues/6402.
*** Bug 1495635 has been marked as a duplicate of this bug. ***
I'm going to dupe this the other way around, because bug 1495635 has already been proposed a blocker, has lots of debugging info, and a response from the developer. *** This bug has been marked as a duplicate of bug 1495635 ***