Bug 506960 - mount no longer mounts LUKS encrypted partitions....
Summary: mount no longer mounts LUKS encrypted partitions....
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-disk-utility
Version: rawhide
Hardware: All
OS: Linux
low
high
Target Milestone: ---
Assignee: Karel Zak
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-06-19 15:11 UTC by Tom London
Modified: 2013-01-22 23:41 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-06-22 21:50:57 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Tom London 2009-06-19 15:11:42 UTC
Description of problem:
My LUKS encrypted ext4 partition on my USB hard drive no longer mounts:

[root@tlondon ~]# mount /dev/sdc1 /mnt
mount: unknown filesystem type 'crypto_LUKS'
[root@tlondon ~]# 

I see this in /var/log/messages:

Jun 19 07:51:21 tlondon kernel: sdc: sdc1
Jun 19 07:51:21 tlondon kernel: sd 5:0:0:0: [sdc] Attached SCSI disk
Jun 19 07:51:28 tlondon kernel: usb 1-5.3: reset high speed USB device using ehci_hcd and address 7
Jun 19 07:51:29 tlondon kernel: padlock: VIA PadLock Hash Engine not detected.
Jun 19 07:51:29 tlondon modprobe: FATAL: Error inserting padlock_sha (/lib/modules/2.6.30-6.fc12.x86_64/kernel/drivers/crypto/padlock-sha.ko): No such device
^C

I've tried reverting a number of packages: lvm2, device-mapper, util-linux-ng, all to no avail.

Version-Release number of selected component (if applicable):
lvm2-2.02.47-1.fc12.x86_64
device-mapper-libs-1.02.32-1.fc12.x86_64
util-linux-ng-2.15.1-0.1.fc12.x86_64
device-mapper-multipath-0.4.9-1.fc12.x86_64
device-mapper-devel-1.02.32-1.fc12.x86_64
device-mapper-1.02.32-1.fc12.x86_64
device-mapper-multipath-libs-0.4.9-1.fc12.x86_64
[Also newer rawhide packages]

How reproducible:
Every time.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2009-06-20 01:18:33 UTC
I think I "misfiled" this against /sbin/mount.

It appears that the "automagic" disk/partition mounting (DeviceKit-disks ?, gnome-disk-utility?  gnome-mount? other?) is properly running "cryptsetup" on the partition, since I see a newly created /dev/dm-2:

[tbl@tlondon ~]$ ls -l /dev/dm*
brw-rw----. 1 root disk 253, 0 2009-06-19 17:54 /dev/dm-0
brw-rw----. 1 root disk 253, 1 2009-06-19 17:54 /dev/dm-1
brw-rw----. 1 root disk 253, 2 2009-06-19 17:57 /dev/dm-2
[tbl@tlondon ~]$ 

[dm-0 is / and dm-1 is swap, I believe]

I can mount /dev/dm-2:

[root@tlondon ~]# 
[root@tlondon ~]# mount /dev/dm-2 /mnt
[root@tlondon ~]# 
[root@tlondon ~]# mount
/dev/mapper/vg_tlondon-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/sda2 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
gvfs-fuse-daemon on /home/tbl/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=tbl)
/dev/sdb1 on /media/E0FD-1813 type vfat (rw,nosuid,nodev,uhelper=devkit,uid=500,gid=500,shortname=lower,dmask=0077,utf8=1,flush)
/dev/dm-2 on /mnt type ext4 (rw)
[root@tlondon ~]# 

So, the crypto is properly working as is gnome-keyring, but the usual "mount" on /media/Backup (Backup is the partition's label) fails.

If I run palimpsest before I manually mount, I see no options to mount.

I will reassign the BZ to gnome-disk-utility (I'm guessing here, since only it and DeviceKit-disks have been updated recently) and hope for the best.

Please reassign if I've guessed wrong (again).

Comment 2 Tom London 2009-06-20 01:20:06 UTC
Forgot current versions:

gnome-disk-utility-0.3-1.fc12.x86_64
DeviceKit-disks-004-3.fc12.x86_64

Comment 3 Tom London 2009-06-22 00:24:19 UTC
Updating to
gnome-disk-utility-0.4-1.fc12.x86_64
DeviceKit-disks-005-2.fc12.x86_64

and running in SELinux permissive mode seems to work.

The new code seems to want additional stuff:

module localdevicekit 1.0;

require {
	type polkit_t;
	type devicekit_disk_t;
	class dbus send_msg;
	class netlink_kobject_uevent_socket { read bind create setopt getattr };
}

#============= devicekit_disk_t ==============
allow devicekit_disk_t polkit_t:dbus send_msg;
allow devicekit_disk_t self:netlink_kobject_uevent_socket { read bind create setopt getattr };

#============= polkit_t ==============
allow polkit_t devicekit_disk_t:dbus send_msg;

Comment 4 Tom London 2009-06-22 00:24:52 UTC
Sorry, fat fingers....

Adding Daniel Walsh for the SELinux bits....

Comment 5 Daniel Walsh 2009-06-22 21:50:57 UTC
Fixed in selinux-policy-3.6.18-1.fc12


Note You need to log in before you can comment on or make changes to this bug.