[Bug 463161] New: encrypted home directory mounted X times causes corruption!
https://bugzilla.novell.com/show_bug.cgi?id=463161

Summary: encrypted home directory mounted X times causes corruption!
Product: openSUSE 11.1
Version: Final
Platform: x86-64
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: jnelson-suse@jamponi.net
QAContact: qa@suse.de
Found By: ---

If you have a user (let's call him "bob") whose *encrypted* home directory is mounted via pam_mount, then using 'su' to become bob corrupts bob's home directory (sometimes).

Turning pam_mount debugging on, the problem is that the "is bob's home directory already mounted" logic is failing, which means it is *remounted* - this can cause filesystem corruption.

To test:

1. Set up a user with pam_mount encrypted home directory (for example, call the user bob)
2. Enable debugging (at the top of /etc/security/pam_mount.conf or something like that)
3. Starting as *root* (or at least not as bob), type 'su - bob'. Type in bob's password. See bob's home dir!
4. Repeat step 4 without logging out. Notice that bob's home dir is mounted *again*. This is bad.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=463161
User jnelson-suse@jamponi.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c1
--- Comment #1 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=463161
User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c2
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c3
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
User jnelson-suse@jamponi.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c4
--- Comment #4 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c5
--- Comment #5 from Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
User jnelson-suse@jamponi.net added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c6
--- Comment #6 from Jon Nelson
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c7
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
User tilman.vogel@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c8
Tilman Vogel
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c9
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c10
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
User tilman.vogel@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c11
Tilman Vogel
I cannot reproduce this. If I follow your description the image is mounted only once.
"mount" says:
/dev/mapper/_home_user.img .... /home/user
Ok, then the reason must lie somewhere different. For me, it shows

/dev/mapper/_dev_loop0 .... /home/user

and

/dev/mapper/_dev_loop1 .... /home/user

respectively. My pam_mount log says

command: [/bin/mount] [-t] [crypt] [-oloop] [/home/test.img] [/home/test]

Is this the key difference? Maybe mount sets up the loop already?

My /etc/security/pam_mount.conf.xml says:

<cryptmount>/bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)</cryptmount>

In my case, the argument passed to mount.crypt was /dev/loopX, not /home/user.img. If this is the problem, then it could be related to the migration logic from /etc/security/pam_mount.conf to /etc/security/pam_mount.conf.xml. I just upgraded from openSUSE 10.3.
https://bugzilla.novell.com/show_bug.cgi?id=463161
User tilman.vogel@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c12
--- Comment #12 from Tilman Vogel
command: [/bin/mount] [-t] [crypt] [-oloop] [/home/test.img] [/home/test]

Sorry, I meant

command: [/bin/mount] [-t] [crypt] [-oloop] [/home/user.img] [/home/user]
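An added example (not from the thread and not pam_mount's code) for the two "mount" outputs compared in comments 11 and 12: it shows how a check keyed on the expected /dev/mapper name misses a volume that was set up through a loop device, while a check on the mount point does not, and it audits a mount table for stacked crypt mounts. The SAMPLE_MOUNTS table, the function names and the name-derivation rule are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: the state after two 'su - user'
# logins as described in comment 11 (one mapping per loop device).
SAMPLE_MOUNTS='/dev/sda2 / ext3 rw 0 0
/dev/mapper/_dev_loop0 /home/user ext3 rw 0 0
/dev/mapper/_dev_loop1 /home/user ext3 rw 0 0
/dev/sda3 /srv ext3 rw 0 0'

# Assumption: the dm-crypt name is the volume path with "/" turned into "_",
# inferred from "/dev/mapper/_home_user.img" and "/dev/mapper/_dev_loop0".
mapper_name() {
    printf '%s\n' "$1" | tr '/' '_'
}

# Hypothetical name-based check: is /dev/mapper/<name of volume> on mntpt?
# Reads a mount table on stdin; exit status 0 means "already mounted".
mounted_by_name() {
    awk -v src="/dev/mapper/$(mapper_name "$1")" -v mp="$2" \
        '$1 == src && $2 == mp { found = 1 } END { exit !found }'
}

# Source-independent check: is anything at all mounted on mntpt?
mounted_on() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }'
}

# Audit: print "<mountpoint> <count> <sources...>" for every mount point
# that carries more than one /dev/mapper mount.
stacked_crypt_mounts() {
    awk '$1 ~ /^\/dev\/mapper\// { n[$2]++; s[$2] = s[$2] " " $1 }
         END { for (m in n) if (n[m] > 1) print m, n[m] s[m] }'
}

# Name-based lookup misses the loop-backed mount, mount-point lookup finds it.
if printf '%s\n' "$SAMPLE_MOUNTS" | mounted_by_name /home/user.img /home/user
then echo "by name: mounted"; else echo "by name: NOT found"; fi
if printf '%s\n' "$SAMPLE_MOUNTS" | mounted_on /home/user
then echo "by mount point: mounted"; else echo "by mount point: NOT found"; fi
printf '%s\n' "$SAMPLE_MOUNTS" | stacked_crypt_mounts
```

On a live system the audit can be fed the real table with `stacked_crypt_mounts < /proc/mounts`; any output means a crypt volume is mounted more than once on the same directory.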
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c13
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=463161
User tilman.vogel@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c14
Tilman Vogel
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c15
Michael Calmer
If this transition cannot be done automatically, I personally would even prefer no automatic migration, but a message, that old encrypted volumes must be activated by hand.
Well, other customers think different :-)

I think we will go with "we try to migrate" and put a section into the release notes that we were required to convert the configuration and the customer should check if this was successful. A backup file with the original config was created.

The next migration will happen in 11.2. It would give me great pleasure if you would test this migration if betas are available. (will take some time:-)

I close this bug as "wontfix" now, which is more or less a "cannot fix anymore".
https://bugzilla.novell.com/show_bug.cgi?id=463161
User tilman.vogel@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c16
Tilman Vogel
https://bugzilla.novell.com/show_bug.cgi?id=463161
User tilman.vogel@web.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c17
--- Comment #17 from Tilman Vogel
https://bugzilla.novell.com/show_bug.cgi?id=463161
User mc@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=463161#c18
Michael Calmer
Hm, I understand that this cannot be fixed for 10.3 -> 11.1 but for future releases, the migration from existing 10.3 installations will still produce this problem.
This is why I asked you to test update to 11.2 if the times come:-) This migration should not have these problems. I have something ready for this. So this should be "fixed". I think we should use a new bug, if we find errors there.

In the current version of pam_mount (1.X) all these default options are gone, so the next migration will remove all these values and only debug, mntoptions, luserconf and volume will stay in the config.

Please use a new bug for 11.2 if there is something wrong. We will not do an update for 11.1.