[Bug 671276] New: pam_mount leaves stuff in /dev/mapper and does not unmount encrypted partitions
https://bugzilla.novell.com/show_bug.cgi?id=671276
https://bugzilla.novell.com/show_bug.cgi?id=671276#c0

Summary: pam_mount leaves stuff in /dev/mapper and does not unmount encrypted partitions
Classification: openSUSE
Product: openSUSE 11.4
Version: RC 1
Platform: i686
OS/Version: SuSE Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: buschmann23@opensuse.org
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b11) Gecko/20110203 Firefox/4.0b11

I am using a home partition that is encrypted with LUKS. A passphrase is used to authenticate and the volume is automatically mounted at login through pam_mount.

After upgrading from oS 11.3 to oS 11.4 RC1 this does not work correctly anymore. The first login works, but when I log out and then try to log in, pam_mount prints only some error logs and does not mount the volume again.

The reason is that the partition is not unmounted from device mapper. The mountpoint (/dev/mapper/_dev_sda3 -> /home) is cleaned from mtab, but _dev_sda3 is still present in /dev/mapper.

When I close the LUKS volume manually with

    cryptsetup luksClose _dev_sda3

/dev/mapper is clean and I can use pam_mount again... Till the next logout.

When I mount it manually with mount.crypt and then try to unmount it with umount.crypt, umount.crypt tells me that it is not mounted - but it is.

    #~ mount.crypt /dev/sda3 /home
    Password:

That works.

    #~ umount.crypt /home
    /home is not mounted (according to cmtab)

After mount.crypt, /var/run/cmtab contains the information. But after using umount.crypt, cmtab is empty. The mountpoint still is in /etc/mtab and the partition is still correctly mounted. I can unmount it completely manually by using umount and cryptsetup.

Reproducible: Always

Steps to Reproduce:
1. Having a LUKS formatted and encrypted partition /dev/sda3, want to mount it on /home
2. mount.crypt /dev/sda3 /home
3. Entering password, all works, partition is mounted.
4. umount.crypt /home prints
   /home is not mounted (according to cmtab)

Actual Results:
Partition does not get unmounted or is still under /dev/mapper as _dev_sda3.

Expected Results:
Partition should be unmounted completely, from /home and from /dev/mapper/_dev_sda3.

This setup was created manually in openSUSE 11.3, without YaST, and worked properly there.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
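A check for the condition this report describes, an open dm-crypt mapping that no mount uses, as an added example (not part of the bug report or of pam_mount). It assumes mounts name the device as /dev/mapper/<name>, as in the report; the function names and the sample data are constructed.

```shell
#!/bin/sh
# stale_crypt_maps DM_LIST MOUNTS
#   DM_LIST: saved output of `dmsetup ls --target crypt`
#   MOUNTS:  a copy of /proc/mounts
# Prints each open dm-crypt mapping whose /dev/mapper/<name> node is the
# source of no mount, i.e. a volume that is unlocked but not in use.
stale_crypt_maps() {
    awk '
        FILENAME == ARGV[1] { mounted[$1] = 1; next }   # mounts: field 1 is the source device
        /^No devices found/ { next }                    # dmsetup output when nothing is open
        NF && !(("/dev/mapper/" $1) in mounted) { print $1 }
    ' "$2" "$1"
}

# Constructed sample: the state the report describes after logout
# (_dev_sda3 still mapped, /home no longer mounted) plus one healthy volume.
demo() {
    d=$(mktemp -d) || return 1
    printf '_dev_sda3\t(253:0)\n_dev_sdb9\t(253:1)\n' > "$d/dm"
    cat > "$d/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/_dev_sdb9 /home/tittel ext4 rw,noatime,acl 0 0
EOF
    stale_crypt_maps "$d/dm" "$d/mounts"
    rm -rf "$d"
}

demo   # on a live system: dmsetup ls --target crypt > dm; stale_crypt_maps dm /proc/mounts
```

A mapping used for swap or as an LVM physical volume is also reported, since it is never mounted directly.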
https://bugzilla.novell.com/show_bug.cgi?id=671276#c
Matthias Fehring
https://bugzilla.novell.com/show_bug.cgi?id=671276#c1
--- Comment #1 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c2
Stefan Tittel
https://bugzilla.novell.com/show_bug.cgi?id=671276#c3
--- Comment #3 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c4
--- Comment #4 from Stefan Tittel
https://bugzilla.novell.com/show_bug.cgi?id=671276#c5
--- Comment #5 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c6
--- Comment #6 from Stefan Tittel
https://bugzilla.novell.com/show_bug.cgi?id=671276#c7
Michael Calmer
https://bugzilla.novell.com/show_bug.cgi?id=671276#c8
Jan Engelhardt
> Using the new version you provided, pam_mount does not work anymore at all
> (with as well as without the updated util-linux package).
>
> When I was trying it on a login shell, the status messages vanished too
> quickly to write them down, so here is the result of using pam_mount with su
> instead:
>
> pam_mount(mount.c:260): Mount info: globalconf, user=tittel <volume fstype="crypt" server="(null)" path="/dev/sdb9" mountpoint="/home/tittel" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="noatime,acl" /> fstab=0 ssh=0
> Segmentation fault

This looks like it killed su, without giving you the new shell, so that would be some bug in the module. Will look.

Does using mount.crypt directly work for your case w.r.t. leaving devices in /dev/mapper?
https://bugzilla.novell.com/show_bug.cgi?id=671276#c9
--- Comment #9 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c10
Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c11
--- Comment #11 from Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c12
Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c13
--- Comment #13 from Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c14
--- Comment #14 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c15
--- Comment #15 from Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c16
--- Comment #16 from Jan Engelhardt
> /home/pavel # umount.crypt -f /home/pavel/containercontents
> /home/pavel/containercontents is not mounted (according to cmtab)

Please retry the mount.crypt - umount.crypt cycle with pam_mount v2.11 from /repositories/Linux-PAM where I have added extra diagnostics to help narrow down what is found. Use -v for verbose:

    # mount.crypt -v /home/pavel/container.img /home/pavel/containercontents
    # umount.crypt -v /home/pavel/containercontents
https://bugzilla.novell.com/show_bug.cgi?id=671276#c17
--- Comment #17 from Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c18
--- Comment #18 from Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c19
Jan Engelhardt
> mount.crypt/umount.crypt seem to work well.

Good, then this is resolved.

> But the /var/run/cmtab file contents are left unchanged.

Yeah; the file is now /run/cmtab in accordance with http://lists.fedoraproject.org/pipermail/devel/2011-March/150031.html .

> But pam_mount.so still does the error.

That would then be because pam_mount defaults to calling umount(8) rather than umount.crypt(8):

    rdconf1.c: {CMD_CRYPTUMOUNT, "crypt", {"umount", "%(MNTPT)", NULL}},]

Use the following in pam_mount.conf.xml as a temporary workaround:

    <cryptumount>umount.crypt %(MNTPT)</cryptumount>
https://bugzilla.novell.com/show_bug.cgi?id=671276#c20
--- Comment #20 from Pavel Baranchikov
https://bugzilla.novell.com/show_bug.cgi?id=671276#c21
--- Comment #21 from Jan Engelhardt
> Mount directory /home/pavel/containercontents is not removed on logout

If the directory existed previously (i.e. if pam_mount did not need to mkdir), it will not be removed either. Perhaps it is the remnant of one of the previous tries?
https://bugzilla.novell.com/show_bug.cgi?id=671276#c22
Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c23
Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c24
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=671276#c25
--- Comment #25 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c26
--- Comment #26 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=671276#c27
--- Comment #27 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c28
--- Comment #28 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=671276#c29
--- Comment #29 from Jan Engelhardt
> any others new or removed?

None.
https://bugzilla.novell.com/show_bug.cgi?id=671276#c30
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=671276#c31
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=671276#c32
Ruediger Oertel
https://bugzilla.novell.com/show_bug.cgi?id=671276#c33
--- Comment #33 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c34
--- Comment #34 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=671276#c35
Dirk Mueller
https://bugzilla.novell.com/show_bug.cgi?id=671276#c36
--- Comment #36 from Jan Engelhardt
> The baselibs.conf doesn't look quite right. Dirk Mueller and I believe it
> should look like this:
>
> libHX27
> libHX-devel
>   requires -libHX
>   requires -libHX27
>   requires "libHX27-<targettype> = <version>"

I based this baselibs.conf upon what preexisted in openSUSE, e.g. openSUSE:11.4/util-linux. Since libHX-devel-32bit does not require libHX in the first place, there is no need to exclude it.
https://bugzilla.novell.com/show_bug.cgi?id=671276#c37
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=671276#c
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=671276#c38
--- Comment #38 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=671276#c39
--- Comment #39 from Ruediger Oertel
https://bugzilla.novell.com/show_bug.cgi?id=671276#c40
--- Comment #40 from Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=671276#c41
Dirk Mueller
https://bugzilla.novell.com/show_bug.cgi?id=671276#c42
--- Comment #42 from Jan Engelhardt
https://bugzilla.novell.com/show_bug.cgi?id=671276#c43
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=671276#c44
Ruediger Oertel
https://bugzilla.novell.com/show_bug.cgi?id=671276#c45
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=671276#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=671276#c46
Christian Dengler