Bug 506960 - mount no longer mounts LUKS encrypted partitions....
mount no longer mounts LUKS encrypted partitions....
Product: Fedora
Classification: Fedora
Component: gnome-disk-utility (Show other bugs)
All Linux
low Severity high
: ---
: ---
Assigned To: Karel Zak
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-06-19 11:11 EDT by Tom London
Modified: 2013-01-22 18:41 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-06-22 17:50:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tom London 2009-06-19 11:11:42 EDT
Description of problem:
My LUKS encrypted ext4 partition on my USB hard drive no longer mounts:

[root@tlondon ~]# mount /dev/sdc1 /mnt
mount: unknown filesystem type 'crypto_LUKS'
[root@tlondon ~]# 

I see this in /var/log/messages:

Jun 19 07:51:21 tlondon kernel: sdc: sdc1
Jun 19 07:51:21 tlondon kernel: sd 5:0:0:0: [sdc] Attached SCSI disk
Jun 19 07:51:28 tlondon kernel: usb 1-5.3: reset high speed USB device using ehci_hcd and address 7
Jun 19 07:51:29 tlondon kernel: padlock: VIA PadLock Hash Engine not detected.
Jun 19 07:51:29 tlondon modprobe: FATAL: Error inserting padlock_sha (/lib/modules/2.6.30-6.fc12.x86_64/kernel/drivers/crypto/padlock-sha.ko): No such device

I've tried reverting a number of packages: lvm2, device-mapper, util-linux-ng, all to no avail.

Version-Release number of selected component (if applicable):
[Also newer rawhide packages]

How reproducible:
Every time.

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Tom London 2009-06-19 21:18:33 EDT
I think I "misfiled" this against /sbin/mount.

It appears that the "automagic" disk/partition mounting (DeviceKit-disks ?, gnome-disk-utility?  gnome-mount? other?) is properly running "cryptsetup" on the partition, since I see a newly created /dev/dm-2:

[tbl@tlondon ~]$ ls -l /dev/dm*
brw-rw----. 1 root disk 253, 0 2009-06-19 17:54 /dev/dm-0
brw-rw----. 1 root disk 253, 1 2009-06-19 17:54 /dev/dm-1
brw-rw----. 1 root disk 253, 2 2009-06-19 17:57 /dev/dm-2
[tbl@tlondon ~]$ 

[dm-0 is / and dm-1 is swap, I believe]

I can mount /dev/dm-2:

[root@tlondon ~]# 
[root@tlondon ~]# mount /dev/dm-2 /mnt
[root@tlondon ~]# 
[root@tlondon ~]# mount
/dev/mapper/vg_tlondon-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/sda2 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
gvfs-fuse-daemon on /home/tbl/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=tbl)
/dev/sdb1 on /media/E0FD-1813 type vfat (rw,nosuid,nodev,uhelper=devkit,uid=500,gid=500,shortname=lower,dmask=0077,utf8=1,flush)
/dev/dm-2 on /mnt type ext4 (rw)
[root@tlondon ~]# 

So, the crypto is properly working as is gnome-keyring, but the usual "mount" on /media/Backup (Backup is the partition's label) fails.

If I run palimpsest before I manually mount, I see no options to mount.

I will reassign the BZ to gnome-disk-utility (I'm guessing here, since only it and DeviceKit-disks have been updated recently) and hope for the best.

Please reassign if I've guessed wrong (again).
Comment 2 Tom London 2009-06-19 21:20:06 EDT
Forgot current versions:

Comment 3 Tom London 2009-06-21 20:24:19 EDT
Updating to

and running in SELinux permissive mode seems to work.

The new code seems to want additional stuff:

module localdevicekit 1.0;

require {
	type polkit_t;
	type devicekit_disk_t;
	class dbus send_msg;
	class netlink_kobject_uevent_socket { read bind create setopt getattr };

#============= devicekit_disk_t ==============
allow devicekit_disk_t polkit_t:dbus send_msg;
allow devicekit_disk_t self:netlink_kobject_uevent_socket { read bind create setopt getattr };

#============= polkit_t ==============
allow polkit_t devicekit_disk_t:dbus send_msg;
Comment 4 Tom London 2009-06-21 20:24:52 EDT
Sorry, fat fingers....

Adding Daniel Walsh for the SELinux bits....
Comment 5 Daniel Walsh 2009-06-22 17:50:57 EDT
Fixed in selinux-policy-3.6.18-1.fc12

Note You need to log in before you can comment on or make changes to this bug.