Bug 460496 - ecryptfs complains about a missing module, fails and then loads it
ecryptfs complains about a missing module, fails and then loads it
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: ecryptfs-utils (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Michal Hlavinka
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-28 07:36 EDT by Michal Nowak
Modified: 2013-03-07 21:04 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 05:56:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
against v. 69 - try to load module on get version failure (627 bytes, patch)
2009-01-30 05:49 EST, Michal Hlavinka
no flags Details | Diff
move the change to better place (1.15 KB, patch)
2009-02-02 12:02 EST, Michal Hlavinka
no flags Details | Diff

  None (edit)
Description Michal Nowak 2008-08-28 07:36:11 EDT
Description of problem:

Mounting from the first time produces error/warning msg

"Unable to get the version number of the kernel..."

and then loads ecryptfs.ko module. The weird is it complaints on missing module and then it loads the module.


Not mentioning that the error 

"""
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.
"""

says really nothing useful...



dhcp-lab-198 kernel-oops # modprobe -r ecryptfs

dhcp-lab-198 kernel-oops # lsmod | grep ecr

dhcp-lab-198 kernel-oops # /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:passphrase_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16

Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which 
kernel options are supported.

Make sure that your system is set up to auto-load
your filesystem kernel module on mount.

Enabling passphrase-mode only for now.

Attempting to mount with the following options:
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.

dhcp-lab-198 kernel-oops # lsmod | grep ecr
ecryptfs               79693  0 

dhcp-lab-198 kernel-oops # dmesg | tail
...
ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
Error parsing options; rc = [-22]

dhcp-lab-198 kernel-oops # /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:passphrase_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
Method of providing the passphrase: 
 1) openssl_passwd: Enter on Console
 2) openssl_passwd_file: File Containing Passphrase
 3) openssl_passwd_fd: File Descriptor for File Containing Passphrase
Selection [openssl_passwd]: 


Version-Release number of selected component (if applicable):

kernel-2.6.18-105.el5.i686
(ecryptfs is not running at all for me...)

kernel-2.6.18-92.1.9.el5.i686
(the test case from bottom was effective while running this kernel)

ecryptfs-utils-56-2.el5.i386

How reproducible:
always

 
Actual results:

Complaint on missing module.

Expected results:

Load the module when missing and no-complain.
Comment 1 Karsten Hopp 2008-09-01 09:43:10 EDT
this needs to be 'openssl_passwd_file=passfile.txt'
Comment 2 Michal Nowak 2008-09-01 10:41:35 EDT
man says:

"""
passphrase_passwd_file=(filename)
       The password should be specified in a file with passwd=(passphrase). It is highly reccomended that the file be stored on a secure medium  such  as  a
       personal usb key.
"""


Please fix the man page.


BUT still with openssl_passphrase_passwd_file
---------------------------------------------

newman@dhcp-lab-198 /tmp $ sudo modprobe -r ecryptfs

newman@dhcp-lab-198 /tmp $ lsmod | grep ecr

newman@dhcp-lab-198 /tmp $ sudo /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passphrase_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16

Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which 
kernel options are supported.

Make sure that your system is set up to auto-load
your filesystem kernel module on mount.

Enabling passphrase-mode only for now.

Attempting to mount with the following options:
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.


HERE
----
>>>> newman@dhcp-lab-198 /tmp $ lsmod | grep ecr
>>>> ecryptfs               79693  0 

newman@dhcp-lab-198 /tmp $ sudo /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passphrase_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
Method of providing the passphrase: 
 1) openssl_passwd: Enter on Console
 2) openssl_passwd_file: File Containing Passphrase
 3) openssl_passwd_fd: File Descriptor for File Containing Passphrase
Selection [openssl_passwd]: 




It 

1) fails,
2) loads the kernel module (*because which it failed*),
3) ends,
4) another run of the same mount command is OK (at first glance).
Comment 3 Karsten Hopp 2008-09-02 05:49:06 EDT
please use openssl_passwd_file instead of openssl_passphrase_passwd_file and you shouldn't get this menu at all. openssl_passphrase_passwd_file is an unknown parameter to mount.ecryptfs and ignored (or handled over to mount).

But even with your commandline
1) works
2) works, but the input is hidden
3) continues, but I haven't found a way yet how to use this as pipes don't seem to work.

I'm running a Fedora 2.6.27 kernel here, what's the output of uname -a on your system ? Does the directory 'secret' in your working directory exist ?
Comment 4 Michal Nowak 2008-09-02 06:58:24 EDT
dhcp-lab-198 kernel-oops # ll
total 64K
drwxr-xr-x 2 newman newman 4.0K Aug 28 10:31 CVS
-rwxr-xr-x 1 newman newman 2.0K Aug 28 10:57 kernel-oops.sh
-rw-r--r-- 1 newman newman 1.7K Feb 28  2008 Makefile
-rw-r--r-- 1 newman newman  986 Feb 27  2008 mykey.pem
-rw-r--r-- 1 newman newman   14 Aug 28 12:18 passfile.txt
-rw-r--r-- 1 newman newman  197 Feb 28  2008 PURPOSE
-rwxr-xr-x 1 newman newman 1.6K Mar 10 12:52 runtest.sh
drwxr-xr-x 2 root   root   4.0K Aug 28 10:39 secret

dhcp-lab-198 kernel-oops # lsmod | grep ecr

dhcp-lab-198 kernel-oops # /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16

Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which 
kernel options are supported.

Make sure that your system is set up to auto-load
your filesystem kernel module on mount.

Enabling passphrase-mode only for now.

Attempting to mount with the following options:
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.

dhcp-lab-198 kernel-oops # lsmod | grep ecr
ecryptfs               79693  0 

dhcp-lab-198 kernel-oops # /sbin/mount.ecryptfs secret/ secret/ -o key=openssl:openssl_keyfile=/root/.ecryptfs/pki/openssl/mykey.pem:openssl_passwd_file=passfile.txt,ecryptfs_cipher=aes,ecryptfs_key_bytes=16
Attempting to mount with the following options:
Error mounting eCryptfs; rc = [-22]; strerr = [Invalid argument]. Check your system logs; visit <http://ecryptfs.sourceforge.net/ecryptfs-faq.html>.

dhcp-lab-198 kernel-oops # dmesg | tail
ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
Error parsing options; rc = [-22]

dhcp-lab-198 kernel-oops # uname -a
Linux dhcp-lab-198.englab.brq.redhat.com 2.6.18-92.1.9.el5 #1 SMP Wed Jul 16 07:35:57 EDT 2008 i686 i686 i386 GNU/Linux

dhcp-lab-198 kernel-oops # file /root/.ecryptfs/pki/openssl/mykey.pem
/root/.ecryptfs/pki/openssl/mykey.pem: ASCII text



I guess it does not mount because of the old kernel (I'll install one when is some available). But still:


"""
Unable to get the version number of the kernel
module. Please make sure that you have the eCryptfs
kernel module loaded, you have sysfs mounted, and
the sysfs mount point is in /etc/mtab. This is
necessary so that the mount helper knows which 
kernel options are supported.
"""


because of not loaded kernel module -> then it loads it -> when issuing the same mount command it fails in expected way (old kernel).

I dunno whether is it still parsing problem or kernel (the error msgs are so confusing and meaning less to me...).
Comment 5 Michal Hlavinka 2009-01-30 05:49:09 EST
Created attachment 330453 [details]
against v. 69 - try to load module on get version failure
Comment 6 Dustin Kirkland 2009-01-31 14:18:05 EST
Committed against upstream git, 850444b.  Thanks for the patch, Michal.

:-Dustin
Comment 7 Michal Hlavinka 2009-02-02 12:02:09 EST
Created attachment 330649 [details]
move the change to better place

Maybe it's good idea to add "2>/dev/null" to the modprobe system call, to suppress something like "FATAL: Error inserting ecryptfs (/lib/modules/2.6.27.12-170.2.5.fc10.x86_64/kernel/fs/ecryptfs/ecryptfs.ko): Operation not permitted"

previous patch fixed only one place, this brings the change to all other places calling ecryptfs_get_version
Comment 13 errata-xmlrpc 2009-09-02 05:56:37 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1307.html

Note You need to log in before you can comment on or make changes to this bug.