Bug 719091 - ecryptfs won't mount encrypted filesystem
Summary: ecryptfs won't mount encrypted filesystem
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: ecryptfs-utils
Version: 15
Hardware: All
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Michal Hlavinka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-05 18:19 UTC by Walter Neumann
Modified: 2011-08-03 22:53 UTC (History)
2 users (show)

Fixed In Version: ecryptfs-utils-87-6.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-03 22:53:09 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
strace of mount command (5.50 KB, text/plain)
2011-07-08 12:23 UTC, Walter Neumann
no flags Details
strace with -f of mount command (39.96 KB, text/plain)
2011-07-08 12:38 UTC, Walter Neumann
no flags Details

Description Walter Neumann 2011-07-05 18:19:49 UTC
Description of problem: Since upgrade to Fedora 15 "mount -t ecryptfs dir1 dir2" fails to mount the encrypted directory dir1 on dir2


Version-Release number of selected component (if applicable):

ecryptfs-utils-87-3.fc15.i686 on 32 bit machine
ecryptfs-utils-87-3.fc15.x86_64 on 64 bit machine

How reproducible:

Always

Steps to Reproduce:
1. as root run "mount -t ecryptfs dir1 dir2"

2. enter passphrase when requested

3. Passphrase is accepted, but nount fails with error:
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>
  
Actual results:

Passphrase is accepted, but nount fails with error:
Error mounting eCryptfs: [-22] Invalid argument
Check your system logs; visit <http://launchpad.net/ecryptfs>

dmesg shows:

Mount on filesystem of type eCryptfs explicitly disallowed due to known incompatibilities
Reading sb failed; rc = [-22]

Expected results:

Filesystem should mount OK. (Luckily still works fine under FC13, so I still have my data.)
Additional info:

Comment 1 Eric Sandeen 2011-07-05 18:23:21 UTC
> Mount on filesystem of type eCryptfs explicitly disallowed due to known
incompatibilities

Are you sure "dir1" isn't already a mounted eCryptfs fs?

This is trying to catch:

# mount -t ecryptfs dir1 dir2
# mount -t ecryptfs dir2 dir3

which is a disaster in the making.

can you do:

# cat /proc/mounts
# mount -t ecryptfs <actual dir names>

and paste it in?

Comment 2 Walter Neumann 2011-07-05 19:15:03 UTC
I didn't notice mount is actually succeeding, but I consistently get misleading error messages on both machines even though mount succeeds. Here the error messages:

Console (both i686 and x86_64):
 Error mounting eCryptfs: [-5] Input/output error
 Check your system logs; visit <http://launchpad.net/ecryptfs>

/var/log/messages (both i686 and x86_64):
 mount.ecryptfs: Failed to write to the mount table

dmesg (i686):

[149345.089000] Mount on filesystem of type eCryptfs explicitly disallowed due to known incompatibilities
[149345.091908] Reading sb failed; rc = [-22]

dmesg (x86_64):

[1397105.411476] ecryptfs_parse_options: eCryptfs: unrecognized option [key=passphrase]
[1397105.417415] Could not find key with description: [xxxxxxxxxxxxxxxx]
[1397105.417419] process_request_key_err: No key
[1397105.417421] Could not find valid key in user session keyring for sig specified in mount option: [xxxxxxxxxxxxxxxx]
[1397105.417423] One or more global auth toks could not properly register; rc = [-2]
[1397105.417426] Error parsing options; rc = [-2]

So still a bug but not critical

Comment 3 Eric Sandeen 2011-07-05 19:33:15 UTC
>  mount.ecryptfs: Failed to write to the mount table

probably because /etc/mtab is now a symlink to readonly /proc/mounts.  strace it and see?

> [149345.089000] Mount on filesystem of type eCryptfs explicitly disallowed due
to known incompatibilities

you didn't give me /proc/mounts so I don't know what's going on there yet.

But the only way it should be able to happen is if your "lower" filesystem is already ecryptfs:

        if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) {
                rc = -EINVAL;
                printk(KERN_ERR "Mount on filesystem of type "
                        "eCryptfs explicitly disallowed due to "
                        "known incompatibilities\n");
                goto out_free;
        }

> ecryptfs_parse_options: eCryptfs: unrecognized option
[key=passphrase]

is that edited, or did you literally do "mount -t ecryptfs -o key=passphrase" ?

Comment 4 Michal Hlavinka 2011-07-08 08:41:15 UTC
(In reply to comment #3)
> >  mount.ecryptfs: Failed to write to the mount table
> 
> probably because /etc/mtab is now a symlink to readonly /proc/mounts.  strace
> it and see?

it should be fixed since ecryptfs-utils-87-3.fc15 but checking it with strace won't do any harm ;)

Anyway, as Eric said, we need content of /proc/mount and complete mount command you are using

Comment 5 Walter Neumann 2011-07-08 12:23:47 UTC
Created attachment 511928 [details]
strace of mount command

Comment 6 Walter Neumann 2011-07-08 12:26:45 UTC
After rebooting the error messages have calmed a lot. I still get the misleading

 Error mounting eCryptfs: [-5] Input/output error
 Check your system logs; visit <http://launchpad.net/ecryptfs>

in the terminal and 

 mount.ecryptfs: Failed to write to the mount table

in /var/log/messages

I just sent an strace for the command "sudo mount -t ecryptfs dir1 dir2"

Comment 7 Walter Neumann 2011-07-08 12:38:41 UTC
Created attachment 511930 [details]
strace with -f of mount command

This strace was done with -f option.

Comment 8 Eric Sandeen 2011-07-08 14:35:19 UTC
3949  open("/etc/mtab", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
...
3949  write(3, "/home/neumann/work/dir1 /home/neum"..., 195) = -1 EINVAL (Invalid argument)

sooo it's still trying to write /etc/mtab

Comment 9 Michal Hlavinka 2011-07-11 11:21:00 UTC
(In reply to comment #8)
> 3949  open("/etc/mtab", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
> ...
> 3949  write(3, "/home/neumann/work/dir1 /home/neum"..., 195) = -1 EINVAL
> (Invalid argument)
> 
> sooo it's still trying to write /etc/mtab

right, seems that the patch I got does not fix all occurrences. Just a sec...

Comment 10 Fedora Update System 2011-07-11 12:45:25 UTC
ecryptfs-utils-87-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-5.fc15

Comment 11 Walter Neumann 2011-07-12 00:47:53 UTC
This fixes it for me. Thanks

Comment 12 Michal Hlavinka 2011-07-12 08:36:32 UTC
Please do not change bug status, only bug assignee/bugzapper/bot should do this. Adding comment is enough. You can close bug notabug if you report it and find out that it's not a bug before bug gets any attention. In other case just add comment. Thanks

Comment 13 Fedora Update System 2011-07-19 14:42:50 UTC
ecryptfs-utils-87-5.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-5.fc14

Comment 14 Fedora Update System 2011-07-19 14:43:03 UTC
ecryptfs-utils-87-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-6.fc15

Comment 15 Fedora Update System 2011-07-23 01:59:36 UTC
Package ecryptfs-utils-87-7.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing ecryptfs-utils-87-7.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/ecryptfs-utils-87-7.fc15
then log in and leave karma (feedback).

Comment 16 Fedora Update System 2011-08-03 22:52:59 UTC
ecryptfs-utils-87-7.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 17 Fedora Update System 2011-08-03 22:53:22 UTC
ecryptfs-utils-87-6.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.