# echo <secret> |/sbin/cryptsetup luksOpen /dev/sda1 foo Failed to setup dm-crypt key mapping. Check kernel for support for the aes-cbc-plain cipher spec and verify that /dev/sda1 contains at least 133 sectors. Failed to read from key storage Command failed: No key available with this passphrase. Reverting back to 1.0.1-4.2.1 fixed the problem. Adding Bill as he touched the package last... Marking this as FC5 blocker...
Check http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/1416 As said, I'm unable to reproduce your problem. Device mapper version?
http://luks.endorphin.org/source/cryptsetup-luks-1.0.3-rc2.tar.bz2 should do it.
The following worked for me: cryptsetup-luks-1.0.3-0.rc2.bky kernel-smp-2.6.15-1.1975_FC5 However, should selinux-policy-targeted allow all actions by default (avoiding restorecon problems)? If not, and the file contexts must be adjusted manually to some specific context, could you place a note in the man page about it (similar to httpd_selinux)? BEGIN LISTING [root@flood bkyoung]# cd /var/tmp [root@flood tmp]# dd if=/dev/zero of=/var/tmp/secret bs=1M count=11 11+0 records in 11+0 records out 11534336 bytes (12 MB) copied, 0.200437 seconds, 57.5 MB/s [root@flood tmp]# losetup -f /dev/loop0 [root@flood tmp]# losetup /dev/loop0 /var/tmp/secret /var/tmp/secret: Permission denied [root@flood tmp]# setenforce permissive [root@flood tmp]# losetup /dev/loop0 /var/tmp/secret [root@flood tmp]# modprobe dm-crypt aes des [root@flood tmp]# cryptsetup -c aes -y create secret /dev/loop0 Enter passphrase: a Verify passphrase: a [root@flood tmp]# mke2fs /dev/mapper/secret mke2fs 1.38 (30-Jun-2005) Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) 2816 inodes, 11264 blocks 563 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=11534336 2 block groups 8192 blocks per group, 8192 fragments per group 1408 inodes per group Superblock backups stored on blocks: 8193 Writing inode tables: done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 21 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. [root@flood tmp]# mkdir -p /mnt/secret [root@flood tmp]# mount /dev/mapper/secret /mnt/secret [root@flood tmp]# ls /mnt/secret lost+found [root@flood tmp]# touch /mnt/secret/test.txt [root@flood tmp]# ls /mnt/secret lost+found test.txt [root@flood tmp]# umount /mnt/secret [root@flood tmp]# cryptsetup remove secret [root@flood tmp]# losetup -d /dev/loop0 [root@flood tmp]# rm secret rm: remove regular file `secret'? y [root@flood tmp]# losetup -f /dev/loop0 [root@flood tmp]# setenforce enforcing [root@flood tmp]# exit END LISTING
Yay, 1.0.3-rc2 works for me again. Thanks! Bill, I guess we should put this in FC5?
Building.