Created attachment 2211 [details]
dmesg output

Hi,
some update. The mount/unmount issue is not related to a kernel bug, although I don't know to which extend the trace log is important.

I found this in the pam_mount logs:

NOTE: mount.crypt does not support utab (systems with no mtab or read-only mtab) yet. This means that you will temporarily need to call umount.crypt(8) rather than umount(8) to get crypto volumes unmounted.

The umount problem is indeed solved if I unmount the volumes by hand using umount.crypt instead of umount, but that breaks the functionality of pam_mount which is used to do this automatically on login/logout.

Something changed in the permissions of /etc/mtab recently as it now points to
-r--r--r-- 1 root root 0 May  8 21:25 /proc/self/mounts

which is indeed not writable. So that may be related to some systemd update?

I am the actual maintainer for pam_mount, but there is apparently no patch for this issue.

Cheers,
Chris.

Severity: major => normal

Hmm, /etc/mtab is just a symlink to /proc/mounts these days.

You obviously cannot write changes to /proc/mounts as it is, by definition, readonly.

So I would try and speak to some fedora people about how they handle this.

Looking at the F17 file, it would seem that they have a much newer version than us: 2.5 vs 2.13:

http://pkgs.fedoraproject.org/gitweb/?p=pam_mount.git;a=tree;h=refs/heads/f17;hb=f17

They also apply a patch related to the /etc/cmtab file (which sounds like it might be a work around for this issue).

CC: (none) => mageia

Thanks Colin,
I'll try to sort out a patch; I am reassigning to myself the bug then.
In fact, we have already the 2.13 version

pam_mount-2.13-1.mga2.src.rpm

Cheers,
Chris.

Assignee: tmb => dirteat

Yeah, what I was meaning was that Fedora have v2.5 which is newer than v2.13 we have...

The git repo of pam_mount seems to have support for utab now; but in order to not introduce new bugs I have just added a patch forcing a call to umount.crypt for crypted volumes. That fixes the bug as far as I can test locally and should not change anything for other type of volumes.

I am closing this thing, anyone feel free to reopen if sh... happens!

Cheers,
Chris.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Close it if the fix is pushed..

Status: RESOLVED => REOPENED
CC: (none) => sander.lepik
Resolution: FIXED => (none)

Hi,

This bug was filed against cauldron, but we do not have cauldron at the moment.

Please report whether this bug is still valid for Mageia 2.

Thanks :)

Cheers,
marja

Keywords: (none) => NEEDINFO

Hi there,
yes it is, the push did not went through!

Cheers.

Advisory

-----

Dear QA Team,
please, notice that the packages

pam_mount-2.13-1.1.mga2
libcryptmount0-2.13-1.1.mga2
libcryptmount-devel-2.13-1.1.mga2


are alighting on core/update_testing and I would like you to validate them.

This version fixes the above-mentioned unmounting issue using crypted volumes under pam_mount. Please find below some checks that you could perform to test its good behaviour.

Mininal tests:

1) Install pam_mount
2) Check that it requires libcryptmount0 from the same update
3) Check that /etc/security/pam_mount.conf.xml (root privilege) contains this line (bottom of the file)

<cryptumount>/sbin/umount.crypt %(MNTPT)</cryptumount>

Advanced tests: optional and works for me:
I am assuming you're familiar with pam_mount and that you have already set crypted volumes to be mounted/umounted at login/logout time through pam_mount (required edition of pam.d/kdm for instance)

1) Check out that you've added the above line in your already configured /etc/security/pam_mount.conf.xml file. It won't be by default, as the new config file will be installed as pam_mount.conf.xml.rpmnew

2) To be sure you don't have crypted volume in a undefined state from the buggy pam_mount version, please reboot.

3) Check that your volumes are correctly mounted after first ever login

4) Check that your volumes are correctly unmounted after first ever logout

5) Check that your volumes are correctly mounted after second ever login

6) stop there :)


Thank you in advance for your work!

------------------

CC: (none) => dirteat
Assignee: dirteat => qa-bugs

Sorry for the delay getting to this.

I'm not familiar with pam_mount, but have it sort of working.

I've added two lines to /etc/pam.d.login as per
http://pam-mount.git.sourceforge.net/git/gitweb.cgi?p=pam-mount/pam-mount;a=blob;hb=master;f=doc/pam_mount.txt

I've added a volume to /etc/security/pam_mount.conf.xml
<volume user="dave" fstype="crypt_LUKS" path="/dev/mapper/91-data" mountpoint="/var/mnt/data" crypto_name="luks91"
       />

If I login at a console, I'm prompted to re-enter the password
for pam_mount, and it does mount the volume.

At logout, it does get unmounted.

Login again, it get's mounted.

But, logging in via gdm, there's no extra prompt, nor a mount.
If I login to more than one session, the unmount happens as soon
as I logout from any of the sessions, instead of the last sesssion.

Is this what is expected?

CC: (none) => davidwhodgins

Hi Dave,
thank you for your testing! That's indeed the expected behaviour. The important part being that the volumes get unmounted when you logout, as you described.

For information, since you modified /etc/pam.d/login, this is for the console login only, so that's normal that nothing happens with gdm/kdm. As for the multiple logins, the first logout should indeed triggers the umount, so that's again normal.

Thanks!

Cheers,
Chris.

Ok. Thanks. I was quite surprised that it managed to unmount an
in-use file system.  I don't like the idea of first logout doing
the unmount, so I'll stick with my scripts and unmount manually.

Testing complete on Mageia 2 i586.

Chris, did you test on 64 bit?  If so, I'll go ahead and validate
the update.

Whiteboard: (none) => MGA2-32-OK

Yes, that works for me on x86_64, so you can go ahead with validation.

thanks!
chris.

PS: for the umount, that's tunable, you can ask it to not umount at logout. In any case, if the fs is in use, it should not umount it. In fact I should write a wiki somewhere. Myself I am using pam_mount combined with kdm and a encrypted passwd which is decrypted by my login passwd and used to mount/umount the encrypted volume at login/logout in one go.

Validating the update.

Could someone from the sysadmin team push the srpm
pam_mount-2.13-1.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory:  This update to pam_mount fixes a problem unmounting
encrypted volumes at logout, for volumes mounted at login by pam_mount.

https://bugs.mageia.org/show_bug.cgi?id=5787

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA2-32-OK => MGA2-32-OK MGA2-64-OK

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0122

Status: REOPENED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED