https://bugzilla.novell.com/show_bug.cgi?id=480777

Summary: yast2 created fstab entries for crypt files should be processed differently than now. (new loop dev should not be used unless luksClose is called on already used).
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: i686
OS/Version: openSUSE 11.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: 19972005@mail.ru
QAContact: qa@suse.de
Found By: ---

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.6) Gecko/2009012700 SUSE/3.0.6-0.1.2 Firefox/3.0.6

According to parts of the sample demonstration below:

1. After issuing 'mount' on the entry from fstab w/ fs-type 'crypt' and option 'loop' the password is asked from STDIN, then cryptsetup taints encrypted file, /dev/mapper/_dev_loop0 and /dev/loop0.

2. Now doing umount on the mount point of 1). The logical reference between encrypted file, /dev/mapper/_dev_loop0 and /dev/loop0 is NOT cleared (and that is okay - umounting should not lead to luksClose on device, or we will be unable to do safe fsck for example).

3. Now again doing the mount on the same mount point. The mount asks for password. Due to 2) that is wrong - the device /dev/mapper/_dev_loop0 is still present and may be used w/o password. And if we enter correct password when mounting again - we will see that mount creates new reference encrypted file, /dev/mapper/_dev_loop1 and /dev/loop1. Obviously this will lead soon to reaching limit of available loop devices.

--------------------------------------sample_session:
fs:~ # grep loop /etc/fstab
/backup/my_pvt_pix_and_video.cfs /backup/mnt/my_pvt_pix_and_video crypt loop,noauto,acl,user_xattr 0 0
/backup/my_pvt_files.cfs /backup/mnt/my_pvt_files crypt loop,noauto,acl,user_xattr 0 0
fs:~ # mount /backup/mnt/my_pvt_files
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
fs:~ # ls /dev/mapper
control _dev_loop0 vg_backup-backup vg_data-data vg_os-root vg_os-varlog vg_swap-swap
fs:~ # losetup -va
/dev/loop0: [fd03]:19 (/backup/my_pvt_files.cfs)
fs:~ # umount /backup/mnt/my_pvt_files
fs:~ # mount /backup/mnt/my_pvt_files
Enter LUKS passphrase:
[now pressing ^C - this was just to indicate that password is asked again]
fs:~ # mount | grep /backup/mnt/my_pvt_files
fs:~ # losetup -va
/dev/loop0: [fd03]:19 (/backup/my_pvt_files.cfs)
fs:~ # ls /dev/mapper
control _dev_loop0 vg_backup-backup vg_data-data vg_os-root vg_os-varlog vg_swap-swap
fs:~ # cryptsetup status _dev_loop0
/dev/mapper/_dev_loop0 is active:
  cipher: aes-cbc-essiv:sha256
  keysize: 128 bits
  device: /dev/loop0
  offset: 1032 sectors
  size: 1391608 sectors
  mode: read/write
fs:~ # mount /dev/loop0 /backup/mnt/my_pvt_files
mount: unknown filesystem type 'crypto_LUKS'
fs:~ # mount /backup/mnt/my_pvt_files
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
fs:~ # losetup -va
/dev/loop0: [fd03]:19 (/backup/my_pvt_files.cfs)
/dev/loop1: [fd03]:19 (/backup/my_pvt_files.cfs)
fs:~ # cryptsetup status _dev_loop0
/dev/mapper/_dev_loop0 is active:
  cipher: aes-cbc-essiv:sha256
  keysize: 128 bits
  device: /dev/loop0
  offset: 1032 sectors
  size: 1391608 sectors
  mode: read/write
fs:~ # cryptsetup status _dev_loop1
/dev/mapper/_dev_loop1 is active:
  cipher: aes-cbc-essiv:sha256
  keysize: 128 bits
  device: /dev/loop1
  offset: 1032 sectors
  size: 1391608 sectors
  mode: read/write
fs:~ # umount /backup/mnt/my_pvt_files
fs:~ # mount | grep /backup/mnt/my_pvt_files
fs:~ # mount /dev/mapper/_dev_loop1 /backup/mnt/my_pvt_files
fs:~ # ls /backup/mnt/my_pvt_files
lost+found
fs:~ # umount /backup/mnt/my_pvt_files
fs:~ #

Reproducible: Always

Steps to Reproduce:
1. create crypt file w/ yast2 (or entry in fstab and related encrypted file like in session above)
2. mount the crypt file fstab entry by directory name from fstab - password prompt appears.
3. Do umount on the directory above.
4. Do mount again on the same directory - the password prompt appears.

Actual Results:
mount asks for password and creates new security associations instead of using old ones (that are still okay)

Expected Results:
1. mount should store at some place an association between /dev/mapper/_dev_loop0, crypted file and mount point from fstab to reuse /dev/mapper/_dev_loop0 when trying to mount the entry from fstab that already has active /dev/mapper/... device (this happens if umount is called w/ the dir or file as param).

Also some service script should be responsible for LUKS mappings in /dev/mapper. At least boot.crypto says 'unused' if /etc/crypttab and /etc/cryptotab are not used even when LUKS mapped devices are present in /dev/mapper.