Bug 454425 - ecryptfsd cannot start and makes openssl keys useless
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: ecryptfs-utils
Version: 9
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Michael Halcrow
QA Contact: Fedora Extras Quality Assurance
Blocks: 454426

Reported: 2008-07-08 08:41 EDT by Jan Tluka
Modified: 2008-10-24 02:14 EDT (History)
Last Closed: 2008-10-24 02:14:51 EDT
Description Jan Tluka 2008-07-08 08:41:56 EDT
Description of problem:
Current version of kernel and ecryptfs-utils in Fedora 9 make ecryptfs feature
useless when mounting with openssl keys. There are problems in ecryptfs
userspace utilities (ecryptfsd) which use kernel netlink interface. This bug is
to track progress of inclusion of patches for ecryptfs-utils. Another bugzilla
will be created to track kernel side.

Version-Release number of selected component (if applicable):
kernel 2.6.25.6-55.fc9
ecryptfs-utils-40-0.fc9

How reproducible:
as root run ecryptfsd daemon and check /var/log/messages

Steps to Reproduce:
1. # su -
2. # tail -f /var/log/messages &
3. # ecryptfsd
  
Actual results:
Jul  8 11:26:53 dhcp-lab-206 ecryptfsd: Starting eCryptfs userspace netlink
daemon [4193]
Jul  8 11:26:53 dhcp-lab-206 ecryptfsd: Failed to send eCryptfs netlink message:
Connection refused
Jul  8 11:26:53 dhcp-lab-206 ecryptfsd: Failed to register netlink daemon with
the eCryptfs kernel module
Jul  8 11:26:53 dhcp-lab-206 ecryptfsd: Failed to send eCryptfs netlink message:
Connection refused
Jul  8 11:26:53 dhcp-lab-206 ecryptfsd: ecryptfsd_exit: Failed to unregister
netlink daemon with the eCryptfs kernel module
Jul  8 11:26:53 dhcp-lab-206 ecryptfsd: ecryptfsd_exit: Closing eCryptfs
userspace netlink daemon [4193]

Expected results:
ecryptfsd starts, no errors on startup

Additional info:
Comment 1 Michael Halcrow 2008-07-08 11:45:37 EDT
The netlink interface for communications between the kernel and the userspace
daemon has been buggy from day 1. Buggy in the sense that the kernel may oops if
the netlink feature is used at all. Thus, current versions of the kernel have
had the netlink interface disabled by default, in favor of the miscellaneous
device file, which replaces the netlink interface. Versions of ecryptfs-utils
since 44 support this miscellaneous device file interface.

For any version of Fedora shipping versions of the kernel and/or eCryptfs
userspace utilities that use the netlink interface, any mode of operation other
than passphrase is invalid and should be entirely disabled (for instance, by not
installing ecryptfsd and the key module shared object files other than the
passphrase module).

The netlink interface may have worked by happenstance in prior kernel versions,
but, given the numerous problems in subsequent kernel releases, I consider the
netlink code to be hopelessly buggy and dangerous to use at this point.

Mike
Comment 2 Eric Sandeen 2008-07-08 11:54:48 EDT
Mike, so, we should push -44 or later to F9, right? Would you like to do that or
shall I?

Thanks,
-Eric
Comment 3 Eric Sandeen 2008-07-08 12:46:52 EDT
Actually, Jan, ecryptfs-utils-46 is already in F9 updates.

Can you get the latest & re-test?

Thanks,
-Eric
Comment 4 Jan Tluka 2008-07-09 07:57:01 EDT
Eric, -46 is part of 'updates-testing' not 'updates' repo at the moment. Anyway
I have tried that and these are the results.

# modprobe ecryptfs
# ecryptfsd -d miscdev
# tail /var/log/messages
Jul  9 15:48:46 proliant02 ecryptfsd: ecryptfs_init_miscdev: Error whilst
attempting to open [/dev/ecryptfs] or [/dev/misc/ecryptfs]; errno msg = [No such
file or directory]
Jul  9 15:48:46 proliant02 ecryptfsd: main: Failed to initialize messaging; rc =
[-5]
Jul  9 15:48:46 proliant02 ecryptfsd: Failed to send eCryptfs miscdev message;
errno msg = [Bad file descriptor]
Jul  9 15:48:46 proliant02 ecryptfsd: ecryptfs_send_message: Failed to register
miscdev daemon with the eCryptfs kernel module; rc = [-5]
Jul  9 15:48:46 proliant02 ecryptfsd: ecryptfsd_exit: Error attempting to send
quit message to kernel; rc = [-5]
Jul  9 15:48:46 proliant02 ecryptfsd: ecryptfsd_exit: Closing eCryptfs userspace
netlink daemon [2198]

Mike, the misc device you talk about should be created when ecryptfs module is
loaded, right? I guess this is not yet included in kernel 2.6.25.6-55.fc9 (tried
2.6.25.9-76.fc9, too).

The problem is that current kernel in Fedora does not have the patch that
introduces miscdev interface.
Comment 5 Michael Halcrow 2008-07-09 11:22:58 EDT
Jan Tluka wrote:
> The problem is that current kernel in Fedora does not have the patch
> that introduces miscdev interface.

Either the miscdev patchset needs to be included in the kernel, or
ecryptfsd (and, hence, any key module other than passphrase) must be an
unavailable feature in the current release. If we go with the latter,
then ecryptfsd and the non-passphrase key modules need to be removed from
the SPEC file so that users do not expect to be able to use that part of
eCryptfs in Fedora 9.

Mike
Comment 6 Eric Sandeen 2008-07-09 12:09:48 EDT
Sorry Jan, I was confused about which parts were in which versions of which piece.

When F9 gets 2.6.26 all should be well, or, we could backport the upstream
ecryptfs to the current kernel...
Comment 7 Jan Tluka 2008-10-09 08:13:06 EDT
Works in Fedora 9 now.

kernel-2.6.26.5-45.fc9
ecryptfs-utils-46-0.fc9
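
The two failures in this thread (netlink registration refused in the description, missing miscdev node in Comment 4) can be told apart with a small preflight check. This is an added example, not code from ecryptfs-utils or from the commenters; the function names and the `devroot` parameter are assumptions, the latter so the check can be exercised without a real device node.

```shell
#!/bin/sh
# Added example (not from ecryptfs-utils). Function names are hypothetical.

# ecryptfs_transport DEVROOT UTILS_VERSION
# Prints "miscdev" when ecryptfsd can use the misc device interface,
# otherwise "passphrase-only" (Comment 1: other key modules need ecryptfsd).
# DEVROOT is normally /dev; it is a parameter so the check can be tested.
ecryptfs_transport() {
    devroot=$1
    utils_version=$2
    case $utils_version in
        ''|*[!0-9]*) echo "invalid-version"; return 0 ;;
    esac
    # Comment 1: miscdev support arrived in ecryptfs-utils 44.
    if [ "$utils_version" -lt 44 ]; then
        echo "passphrase-only"
        return 0
    fi
    # Comment 4: ecryptfsd tries these two paths for the device node.
    for node in "$devroot/ecryptfs" "$devroot/misc/ecryptfs"; do
        if [ -e "$node" ]; then
            echo "miscdev"
            return 0
        fi
    done
    echo "passphrase-only"
}

# classify_ecryptfsd_log: reads syslog text on stdin and names the failure.
classify_ecryptfsd_log() {
    awk '
        /Failed to send eCryptfs netlink message/ { netlink = 1 }
        /ecryptfs_init_miscdev: Error whilst/     { miscdev = 1 }
        END {
            if (miscdev)      print "miscdev-node-missing"
            else if (netlink) print "netlink-refused"
            else              print "no-transport-error"
        }'
}

# Demo on the running system and on one line copied from the description.
ecryptfs_transport /dev 46
printf '%s\n' 'ecryptfsd: Failed to send eCryptfs netlink message:' |
    classify_ecryptfsd_log
```

A result of `passphrase-only` corresponds to the state Comment 5 describes, where ecryptfsd and the non-passphrase key modules cannot be used.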
