Description of problem: pmt-eht cannot create large encrypted loopback containers. Even more, the possible size for loopback containers seems to deminish with time. Version-Release number of selected component (if applicable): pam_mount-1.32-1.fc12.i686 How reproducible: Run pmt-ehd with large file size, e.g. pmt-ehd -c aes-cbc-essiv:sha256 -f /home/user.img -h sha1 -p /home/user.key -t ext3 -u user -i aes-256-cbc -x -s 3500 3500 MB was enough for pmt-ehd on my system to quit with following message: Device _home_user_img is busy. ehd(crypto-dmc.c:168): Could not unload dm-crypt device "/dev/mapper/_home_user_img", cryptsetup returned HXproc status 240 I thought I've found a size limit at 2189 MB (pmt-ehd successfuly finished with this size once) but subsequent runs of pmt-ehd with exactly the same parameters lead again to the error mentioned above.
at least on x86_64 I cannot reproduce this: mkdir -p $HOME/tmp/pam_mount-test/ sudo pmt-ehd -c aes-cbc-essiv:sha256 -f $HOME/tmp/pam_mount-test/user.img -h sha1 -p $HOME/tmp/pam_mount-test/user.key -t ext3 -u $USER -i aes-256-cbc -x -s 3500 I will try again on an i686 machine
Well, call me crazy, but I also had difficulties reproducing this behavior after your post... Finally I succeded - or at leas so I hope. :) Run the pmt-ehd command as root on one of the text consoles tty[2-6]. If the user given with -u option is also logged in, then the command succeds. If not, it should fail with the error message I mentioned in the original report. I also have another question: how do I simulate actions done by pmt-ehd manually? I'm asking because maybe at some time in the future I will want to change my password and then I have to decrypt an re-encrypt the key manually.
(In reply to comment #2) > I also have another question: how do I simulate actions done by pmt-ehd > manually? I'm asking because maybe at some time in the future I will want to > change my password and then I have to decrypt an re-encrypt the key manually. You better ask upstream or search for some HOWTOS. I use only luks volumes.
Within some days, a new release will be available in updates-testing. Can you please test, whether you can still reproduce the problem? There have been several changes in pmt-ehd. https://admin.fedoraproject.org/updates/libHX-3.4-1.fc12,pam_mount-2.2-1.fc12
I could not reproduce the original problem with the new packages. But I had two other problems: # sudo LANG=C yum localupdate libHX-3.4-1.fc12.i686.rpm pam_mount-2.2-1.fc12.i686.rpm Loaded plugins: refresh-packagekit Setting up Local Package Process Examining libHX-3.4-1.fc12.i686.rpm: libHX-3.4-1.fc12.i686 Marking libHX-3.4-1.fc12.i686.rpm as an update to libHX-3.1-1.fc12.i686 Examining pam_mount-2.2-1.fc12.i686.rpm: pam_mount-2.2-1.fc12.i686 Marking pam_mount-2.2-1.fc12.i686.rpm as an update to pam_mount-1.32-1.fc12.i686 Resolving Dependencies --> Running transaction check ---> Package libHX.i686 0:3.4-1.fc12 set to be updated ---> Package pam_mount.i686 0:2.2-1.fc12 set to be updated --> Processing Dependency: /bin/readlink for package: pam_mount-2.2-1.fc12.i686 --> Processing Dependency: /bin/readlink for package: pam_mount-2.2-1.fc12.i686 --> Finished Dependency Resolution Error: Package: pam_mount-2.2-1.fc12.i686 (/pam_mount-2.2-1.fc12.i686) Requires: /bin/readlink You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest I've created a symbolic link from /bin/readlink to /usr/bin/readlink, where my readlink resides and forced the installation. Then I could not unmount encrypted devices with this messages (2x times the same) # umount /home/user /sbin/umount.crypt: You need to specify the mountpoint /sbin/umount.crypt: You need to specify the mountpoint
regarding /bin/readlink: It's in coreutils-8.4-6, which has just been pushed to stable, so it show up soon. regarding the umount problem, maybe umount currently only works for volumes mounted with mount.crypt from the pam_mount, but not the old one. I'll investigate this.
(In reply to comment #6) > regarding the umount problem, maybe umount currently only works for volumes > mounted with mount.crypt from the pam_mount, but not the old one. I'll > investigate this. It seems that cmtab moved from /etc to /var/run. Which is probably causing this problem. I need to find out what happens if mount.crypt is used to mount /var.
(In reply to comment #7) > (In reply to comment #6) > > > regarding the umount problem, maybe umount currently only works for volumes > > mounted with mount.crypt from the pam_mount, but not the old one. I'll > > investigate this. > > It seems that cmtab moved from /etc to /var/run. Which is probably causing this > problem. I need to find out what happens if mount.crypt is used to mount /var. umount was completely unusable in 2.2, but 2.3 should have this fixed. I'll still have to check, whether a cmtab migration scriptlet is needed.
cryptsetup-luks-1.1.2-2.fc13,libHX-3.4-1.fc13,pam_mount-2.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.2-2.fc13,libHX-3.4-1.fc13,pam_mount-2.4-1.fc13
cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12
cryptsetup-luks-1.1.3-1.fc12, pam_mount-2.4-2.fc12, libHX-3.4-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cryptsetup-luks pam_mount libHX'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12
cryptsetup-luks-1.1.3-1.fc13, pam_mount-2.4-2.fc13, libHX-3.4-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cryptsetup-luks pam_mount libHX'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc13,libHX-3.4-1.fc13,pam_mount-2.4-2.fc13
cryptsetup-luks-1.1.3-1.fc13, pam_mount-2.4-2.fc13, libHX-3.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
cryptsetup-luks-1.1.3-1.fc12, pam_mount-2.4-2.fc12, libHX-3.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.