Bug 500821 - When selecting encrypt system the swap is set to unencrypted partition
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: anaconda
Version: 5.3
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: rc
Assigned To: David Lehman
QA Contact: Release Test Team
Reported: 2009-05-14 08:18 EDT by Milan Broz
Modified: 2013-02-28 23:07 EST
Doc Type: Bug Fix
Last Closed: 2010-02-02 17:25:09 EST

Attachments:
wrong partitioning snapshot (146.59 KB, image/png)
2009-05-14 08:19 EDT, Milan Broz
Description Milan Broz 2009-05-14 08:18:01 EDT
Description of problem:

System with one disk, with these partitions prepared:
Disk /dev/sda: 160.0 GB, 160000000000 bytes
255 heads, 63 sectors/track, 19452 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          26      204800   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2              26       19452   156043389+  8e  Linux LVM


Both partitions are zeroed (with dd if=/dev/zero ...), no LVM signature etc.


When I start a VNC installation and check "encrypt system" and "review and modify partitioning layout" (without touching the option list, which defaults to "remove all partitions and create default layout"), the partitioning layout is the following:

sda1 - boot, sda2 - encrypted PV (with root lv), sda3 - *unencrypted* swap

Returning back and forward, it switches to (correct)
sda1 - boot, sda2 - encrypted PV (with root and swap LV)

Version-Release number of selected component (if applicable):
11.1.2.168

A system with encrypted root but not encrypted swap is not a secure configuration and should be avoided.
Comment 1 Milan Broz 2009-05-14 08:19:34 EDT
Created attachment 343953 [details]
wrong partitioning snapshot
Comment 3 David Lehman 2009-11-24 11:41:10 EST
This partitioning layout shown is a custom layout.

The "Encrypt System" checkbox does one thing: it encrypts the PV(s) that we create during *automatic* partitioning. If you go in and create custom partitions it is up to you to specify that they be encrypted if that is what you want.

Is there something that I am missing here?
Comment 4 Milan Broz 2009-11-24 11:47:15 EST
I did not specify a custom partition for swap; that partition was added by anaconda (note sda3 is not there - I had just some free space on disk). I tried to reuse PV.
If I encrypt root, swap must be encrypted too - otherwise it is not secure anyway.

But note:
"Returning back and forward, it switches to (correct)
sda1 - boot, sda2 - encrypted PV (with root and swap LV)"

So after just pressing the back and forward buttons the cfg is different.
(I have no current install here, not sure if it is still reproducible...)
Comment 5 David Lehman 2009-11-24 12:42:41 EST
Let me assure you that anaconda did not create a swap partition automatically. There is no code to do this. I can also assure you that the naming of the vg/lv are not anaconda's.

You did not mention that this is an interactive kickstart installation. I suspect that there is a bug related to either your kickstart script or anaconda's handling of interactive kickstart. Please attach the ks.cfg.
Comment 6 David Lehman 2009-11-24 12:44:26 EST
From comment #4:
> I tried to reuse PV.

Which is it? Did you specify "remove all partitions" or did you specify a custom partitioning layout?
Comment 7 David Lehman 2010-02-02 17:25:09 EST
I was unable to reproduce the behavior described in this report. Please reopen it if you have a reliable procedure to reproduce it.
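
A check for the layout described in this report, as an added example (not part of the bug report and not anaconda code): it walks a device tree in the shape of `lsblk --json -o NAME,TYPE,FSTYPE` output and lists swap areas that have no dm-crypt device above them. The device names and both sample trees are constructed for illustration.

```python
# Constructed sample: the layout first shown in the report
# (sda2 = encrypted PV holding root, sda3 = plain swap partition).
REPORTED = {"blockdevices": [{"name": "sda", "type": "disk", "fstype": None, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext3"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "children": [
        {"name": "luks-sda2", "type": "crypt", "fstype": "LVM2_member", "children": [
            {"name": "vg-root", "type": "lvm", "fstype": "ext3"}]}]},
    {"name": "sda3", "type": "part", "fstype": "swap"}]}]}

# Constructed sample: the layout the report calls correct
# (root and swap are both LVs inside the encrypted PV).
EXPECTED = {"blockdevices": [{"name": "sda", "type": "disk", "fstype": None, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext3"},
    {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "children": [
        {"name": "luks-sda2", "type": "crypt", "fstype": "LVM2_member", "children": [
            {"name": "vg-root", "type": "lvm", "fstype": "ext3"},
            {"name": "vg-swap", "type": "lvm", "fstype": "swap"}]}]}]}]}


def unencrypted_swap(tree):
    """Return the names of swap devices that have no dm-crypt ancestor."""
    found = []

    def walk(node, under_crypt):
        # A device of type "crypt" is a dm-crypt mapping; everything stacked
        # on top of it (LVM PVs, LVs, swap) is stored encrypted on disk.
        under_crypt = under_crypt or node.get("type") == "crypt"
        if node.get("fstype") == "swap" and not under_crypt:
            found.append(node["name"])
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in tree["blockdevices"]:
        walk(device, False)
    return found


if __name__ == "__main__":
    # On a live system, json.loads() of the lsblk output has the same shape.
    for label, tree in (("reported", REPORTED), ("expected", EXPECTED)):
        bad = unencrypted_swap(tree)
        print(label, "->", "unencrypted swap: " + ", ".join(bad) if bad else "ok")
```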
