Bug 739878 - RFE: Boot procedure should allow one to skip mounting an encrypted filesystem
Summary: RFE: Boot procedure should allow one to skip mounting an encrypted filesystem
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: initscripts
Version: 6.4
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: ---
Assignee: David Kaspar [Dee'Kej]
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-20 10:26 UTC by David Tonhofer
Modified: 2017-12-06 10:31 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-06 10:31:20 UTC


Attachments (Terms of Use)
potential patch (597 bytes, patch)
2011-09-21 19:12 UTC, Bill Nottingham
no flags Details | Diff

Description David Tonhofer 2011-09-20 10:26:45 UTC
Description of problem:

Situation: An encrypted filesystem exists on a machine that is being booted.

           There is no immediate need to obtain the filesystem password
           and/or the filesystem is unavailable at this point in time.

           (Scenario: Maintenance on usually powered-down system to be
            performed by a person that has no "need to decrypt")

Problem:   The boot procedure asks you for the password and does not
           relent (using CTRL-C for example)

           Your options:

           reboot single, then mess around with /etc/fstab and
           possible /etc/crypttab

           or

           During earlier installation, have remembered to add "noauto" to
           /etc/fstab so that the encrypted filesystem is not  mounted by
           default.

Solution:  Allow to skip mounting an encrypted filesystem by accepting
           CTRL-C or similar at the prompt.

(On second thoughts, the "noauto" option would be a good solution if one knew about it)
 
Version-Release number of selected component (if applicable):

initscripts-9.03.23-1.el6.x86_64

Comment 2 Bill Nottingham 2011-09-20 15:52:46 UTC
In future major releases we may have a timeout here. However, the current infrastructure does not support that, and it can't easily be added.

'noauto' is documented in both the fstab and crypttab man page.

The initscripts check should exit after 3 attempts. plymouth code may not, assigning there.

Comment 3 Ray Strode [halfline] 2011-09-20 16:49:05 UTC
plymouth has a --number-of-tries option to the ask-for-password command.  I believe initscripts already does --number-of-tries 3

ctrl-c should cancel any pending password requests immediately

Comment 4 Bill Nottingham 2011-09-20 17:10:12 UTC
initscripts in RHEL 6, at least, does not pass any --number-of-tries.

Comment 5 Ray Strode [halfline] 2011-09-21 15:27:56 UTC
okay, moving back to initscripts.

Comment 7 Bill Nottingham 2011-09-21 19:12:08 UTC
Created attachment 524265 [details]
potential patch

Comment 8 David Tonhofer 2011-09-27 08:53:00 UTC
Hi,

I tried the patch on RH6.1. 

I works insofar as the system gives up on the password query after 3 tries, BUT:

After that, automounting causes problems. The filesystem-supposedly-decrypted is mounted normally through /etc/fstab, which of course fails:

"The superblock could not be read or does not describe a correct ext2 filesystem"

You are then dropped to the maintenance shell.

This happens even if "noauto" has been given in /etc/fstab!

Comment 9 RHEL Product and Program Management 2012-05-03 05:32:29 UTC
Since RHEL 6.3 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 10 RHEL Product and Program Management 2012-07-10 08:36:04 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 11 RHEL Product and Program Management 2012-07-10 23:25:40 UTC
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.

Comment 15 Jan Kurik 2017-12-06 10:31:20 UTC
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/


Note You need to log in before you can comment on or make changes to this bug.