[Bug 496279] New: Recent security updates appears to break mounting of LUKS crypto devices.
http://bugzilla.novell.com/show_bug.cgi?id=496279

Summary: Recent security updates appears to break mounting of LUKS crypto devices.
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: i586
OS/Version: openSUSE 11.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: robin.listas@telefonica.net
QAContact: qa@suse.de
Found By: ---
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.8) Gecko/2009032600 SUSE/3.0.8-1.1.1 Firefox/3.0.8

On my 11. test partition, when mounting crypto LUKS filesystems via script /etc/init.d/boot.crypto, they are mounted twice, sometimes:

    minas-morgul:~ # rccrypto start cr_mm_1_amon_din
    Please enter passphrase for /dev/disk/by-id/usb-Initio_ST3320620AS_0010101650000DDEW-0:0-part1 (cr_mm_1_amon_din):
    Enter LUKS passphrase:
    Enter LUKS passphrase:
    key slot 0 unlocked.
    Command successful.
    /dev/disk/by-id/usb-Initio_ST3320620AS_0010101650000DDEW-0:0-part1... done
    minas-morgul:~ # mount | grep Amon
    /dev/mapper/cr_mm_1_amon_din on /mnt/usb/1_Amon_Din type reiserfs (rw,noexec,nosuid,nodev,noatime,user_xattr)
    /dev/dm-3 on /media/Amon_Din type reiserfs (rw,nosuid,nodev)

and stopping it fails:

    minas-morgul:~ # rccrypto stop cr_mm_1_amon_din
    Command failed: Device busy
    /dev/disk/by-id/usb-Initio_ST3320620AS_0010101650000DDEW-0:0-part1... failed
    minas-morgul:~ # umount /media/Amon_Din
    minas-morgul:~ # rccrypto stop cr_mm_1_amon_din
    /dev/disk/by-id/usb-Initio_ST3320620AS_0010101650000DDEW-0:0-part1... done

The filesystems are mounted via usb. I believe it happens when the process is slow, dmsetup is already called with the password, but the disk is not mounted yet (fsck?), GNOME sees the device, and tries to automount it (under /media), before the script sees it. Nautilus opens a window with the device. Then the script finalizes and mounts it another time - I only want the script, not gnome to mount it.
When things go correctly (after several failed attempts) nautilus does not show the window automatically and there is no corresponding device icon on the desktop.

Last updates:

    Fri Apr 17 2009  Tue Apr 14 2009  libvolume_id1 128-9.7.1
    Fri Apr 17 2009  Thu Apr 16 2009  java-1_6_0-openjdk 1.4_b14-24.4.3
    Fri Apr 17 2009  Wed Apr 08 2009  gnome-panel 2.24.1-2.26.1
    Fri Apr 17 2009  Mon Apr 06 2009  libgstinterfaces-0_10-0 0.10.21-2.21.2
    Fri Apr 17 2009  Mon Apr 06 2009  krb5 1.6.3-132.5.1
    Fri Apr 17 2009  Tue Apr 07 2009  mozilla-xulrunner190 1.9.0.8-1.1.1
    Fri Apr 17 2009  Thu Apr 02 2009  module-init-tools 3.4-56.10.1
    Fri Apr 17 2009  Wed Apr 01 2009  kernel-source 2.6.27.21-0.1.1
    Fri Apr 17 2009  Tue Apr 14 2009  udev 128-9.7.1
    Fri Apr 17 2009  Thu Apr 16 2009  java-1_6_0-openjdk-plugin 1.4_b14-24.4.3
    Fri Apr 17 2009  Tue Mar 24 2009  postgresql-libs 8.3.7-0.1.1
    Fri Apr 17 2009  Wed Apr 08 2009  gnome-panel-lang 2.24.1-2.26.1
    Fri Apr 17 2009  Mon Apr 06 2009  gstreamer-0_10-plugins-base 0.10.21-2.21.2
    Fri Apr 17 2009  Tue Apr 07 2009  mozilla-xulrunner190-gnomevfs 1.9.0.8-1.1.1
    Fri Apr 17 2009  Tue Apr 07 2009  mozilla-xulrunner190-translations 1.9.0.8-1.1.1
    Fri Apr 17 2009  Tue Apr 07 2009  MozillaFirefox 3.0.8-1.1.1
    Fri Apr 17 2009  Thu Apr 02 2009  kernel-pae-base 2.6.27.21-0.1.2
    Fri Apr 17 2009  Thu Apr 02 2009  kernel-debug-base 2.6.27.21-0.1.2
    Fri Apr 17 2009  Tue Apr 07 2009  MozillaFirefox-translations 3.0.8-1.1.1
    Fri Apr 17 2009  Thu Apr 02 2009  kernel-pae 2.6.27.21-0.1.2
    Fri Apr 17 2009  Thu Apr 02 2009  kernel-debug 2.6.27.21-0.1.2
    Fri Apr 17 2009  Thu Apr 02 2009  kernel-pae-extra 2.6.27.21-0.1.2
    Fri Apr 17 2009  Thu Apr 02 2009  kernel-debug-extra 2.6.27.21-0.1.2
    Sun Apr 19 2009  Thu Apr 02 2009  dbus-1 1.2.10-5.4.1

Reproducible: Sometimes

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c1
Ludwig Nussel
User robin.listas@telefonica.net added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c2
Carlos Robinson
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c3
Ludwig Nussel
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c4
--- Comment #4 from Ludwig Nussel
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c5
--- Comment #5 from Ludwig Nussel
Ludwig Nussel
User robin.listas@telefonica.net added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c6
--- Comment #6 from Carlos Robinson
> I can reproduce this here. Are you sure this didn't happen on an unpatched 11.1? It looks like a hal bug to me. Hal should refuse to mount devices specified in fstab. My guess is that the device is listed as /dev/mapper/something in fstab but hal only checks for e.g. /dev/dm-0. It then can't find /dev/dm-0 in fstab and allows the mount.
I seldom use my 11.1 partition, I use it only for testing. But it is fully updated.

Yes, the devices are listed in fstab:

    /dev/mapper/cr_mm_1_amon_din /mnt/usb/1_Amon_Din \
        reiserfs noatime,user,noauto,user_xattr 0 0

with a corresponding entry in /etc/crypttab:

    cr_mm_1_amon_din \
        /dev/disk/by-id/usb-Initio_ST3320620AS_0010101650000DDEW-0:0-part1 \
        none noauto

Yes, I have noticed before this time gnome trying to mount devices already listed in fstab: if I connect my usb encrypted disk, gnome prompts me for the LUKS password. Ah, no, bad example, the /dev/mapper node is not active at that moment, because the usb node is listed in /etc/crypttab, not fstab.
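The mismatch guessed at in the comment above (fstab names /dev/mapper/..., the automounter is handed /dev/dm-N), as an added example that is not part of the original thread and is not HAL's code. The function names and the temporary directory standing in for /dev are assumptions made for illustration; `naive_lookup` models the suspected string comparison and `identity_lookup` compares the device itself.

```python
import os
import stat
import tempfile

def device_identity(path):
    """Key that is equal for every name of one device (follows symlinks)."""
    try:
        st = os.stat(path)
    except OSError:
        return ("path", os.path.abspath(path))
    if stat.S_ISBLK(st.st_mode):
        # Separate nodes such as /dev/dm-3 and /dev/mapper/<name> share major:minor.
        return ("blk", os.major(st.st_rdev), os.minor(st.st_rdev))
    return ("path", os.path.realpath(path))

def fstab_entries(text):
    """Yield (spec, mountpoint) for each non-comment fstab line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            yield fields[0], fields[1]

def naive_lookup(device, fstab_text):
    """String comparison only: a model of the check suspected in the thread."""
    for spec, mountpoint in fstab_entries(fstab_text):
        if spec == device:
            return mountpoint
    return None

def identity_lookup(device, fstab_text):
    """Compare device identity, so any alias of an fstab device matches."""
    want = device_identity(device)
    for spec, mountpoint in fstab_entries(fstab_text):
        if device_identity(spec) == want:
            return mountpoint
    return None

def demo():
    """Constructed stand-in for /dev: a plain file plus a symlink alias."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "mapper"))
    dm = os.path.join(root, "dm-3")
    open(dm, "w").close()
    alias = os.path.join(root, "mapper", "cr_mm_1_amon_din")
    os.symlink(dm, alias)
    fstab = alias + " /mnt/usb/1_Amon_Din reiserfs noatime,user,noauto,user_xattr 0 0\n"
    return naive_lookup(dm, fstab), identity_lookup(dm, fstab)

if __name__ == "__main__":
    print(demo())
```

On a real system the two names are block device nodes, so the major:minor branch of `device_identity` is the one that applies; the symlink in `demo()` only exercises the same comparison without needing root.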
User robin.listas@telefonica.net added comment
http://bugzilla.novell.com/show_bug.cgi?id=496279#c7
--- Comment #7 from Carlos Robinson
> I can reproduce this here. Are you sure this didn't happen on an unpatched 11.1?
Ah, you mean whether this problem does not appear as well on a not patched 11.1? I don't know, but I have not seen it before, nor in my 11.0. However, as this is "erratic", it could be lurking before, and just chanced to happen the other day. Can't say. I mean it is erratic, because it happened several times with three LUKS partitions minutes after booting, then it stopped happening as soon as I wrote this report.
https://bugzilla.novell.com/show_bug.cgi?id=496279#c8
Danny Kukawka