Description of problem: I got pam_mount configured to mount crypted partition, they mount fine, but if they are unmounted I cannot mount them a second time. I got this message: crypt_activate_by_passphrase: File exist The kernel logs a trace in dmesg also related to crypt module (see attachment). This was not happening with previous kernels. Cheers, Chris.
Created attachment 2211 [details] dmesg output
Attachment 2211 mime type: application/octet-stream => text/plain
Assignee: bugsquad => tmb
Hi, some update. The mount/unmount issue is not related to a kernel bug, although I don't know to which extend the trace log is important. I found this in the pam_mount logs: NOTE: mount.crypt does not support utab (systems with no mtab or read-only mtab) yet. This means that you will temporarily need to call umount.crypt(8) rather than umount(8) to get crypto volumes unmounted. The umount problem is indeed solved if I unmount the volumes by hand using umount.crypt instead of umount, but that breaks the functionality of pam_mount which is used to do this automatically on login/logout. Something changed in the permissions of /etc/mtab recently as it now points to -r--r--r-- 1 root root 0 May 8 21:25 /proc/self/mounts which is indeed not writable. So that may be related to some systemd update? I am the actual maintainer for pam_mount, but there is apparently no patch for this issue. Cheers, Chris.
Severity: major => normal
Hmm, /etc/mtab is just a symlink to /proc/mounts these days. You obviously cannot write changes to /proc/mounts as it is, by definition, readonly. So I would try and speak to some fedora people about how they handle this. Looking at the F17 file, it would seem that they have a much newer version than us: 2.5 vs 2.13: http://pkgs.fedoraproject.org/gitweb/?p=pam_mount.git;a=tree;h=refs/heads/f17;hb=f17 They also apply a patch related to the /etc/cmtab file (which sounds like it might be a work around for this issue).
CC: (none) => mageia
Thanks Colin, I'll try to sort out a patch; I am reassigning to myself the bug then. In fact, we have already the 2.13 version pam_mount-2.13-1.mga2.src.rpm Cheers, Chris.
Assignee: tmb => dirteat
Yeah, what I was meaning was that Fedora have v2.5 which is newer than v2.13 we have...
The git repo of pam_mount seems to have support for utab now; but in order to not introduce new bugs I have just added a patch forcing a call to umount.crypt for crypted volumes. That fixes the bug as far as I can test locally and should not change anything for other type of volumes. I am closing this thing, anyone feel free to reopen if sh... happens! Cheers, Chris.
Status: NEW => RESOLVEDResolution: (none) => FIXED
Close it if the fix is pushed..
Status: RESOLVED => REOPENEDCC: (none) => sander.lepikResolution: FIXED => (none)
Hi, This bug was filed against cauldron, but we do not have cauldron at the moment. Please report whether this bug is still valid for Mageia 2. Thanks :) Cheers, marja
Keywords: (none) => NEEDINFO
Hi there, yes it is, the push did not went through! Cheers.
Keywords: NEEDINFO => (none)Version: Cauldron => 2
Advisory ----- Dear QA Team, please, notice that the packages pam_mount-2.13-1.1.mga2 libcryptmount0-2.13-1.1.mga2 libcryptmount-devel-2.13-1.1.mga2 are alighting on core/update_testing and I would like you to validate them. This version fixes the above-mentioned unmounting issue using crypted volumes under pam_mount. Please find below some checks that you could perform to test its good behaviour. Mininal tests: 1) Install pam_mount 2) Check that it requires libcryptmount0 from the same update 3) Check that /etc/security/pam_mount.conf.xml (root privilege) contains this line (bottom of the file) <cryptumount>/sbin/umount.crypt %(MNTPT)</cryptumount> Advanced tests: optional and works for me: I am assuming you're familiar with pam_mount and that you have already set crypted volumes to be mounted/umounted at login/logout time through pam_mount (required edition of pam.d/kdm for instance) 1) Check out that you've added the above line in your already configured /etc/security/pam_mount.conf.xml file. It won't be by default, as the new config file will be installed as pam_mount.conf.xml.rpmnew 2) To be sure you don't have crypted volume in a undefined state from the buggy pam_mount version, please reboot. 3) Check that your volumes are correctly mounted after first ever login 4) Check that your volumes are correctly unmounted after first ever logout 5) Check that your volumes are correctly mounted after second ever login 6) stop there :) Thank you in advance for your work! ------------------
CC: (none) => dirteatAssignee: dirteat => qa-bugs
CC: (none) => stormiSource RPM: kernel-3.3.4-1.mga2.src.rpm => pam_mount
Sorry for the delay getting to this. I'm not familiar with pam_mount, but have it sort of working. I've added two lines to /etc/pam.d.login as per http://pam-mount.git.sourceforge.net/git/gitweb.cgi?p=pam-mount/pam-mount;a=blob;hb=master;f=doc/pam_mount.txt I've added a volume to /etc/security/pam_mount.conf.xml <volume user="dave" fstype="crypt_LUKS" path="/dev/mapper/91-data" mountpoint="/var/mnt/data" crypto_name="luks91" /> If I login at a console, I'm prompted to re-enter the password for pam_mount, and it does mount the volume. At logout, it does get unmounted. Login again, it get's mounted. But, logging in via gdm, there's no extra prompt, nor a mount. If I login to more than one session, the unmount happens as soon as I logout from any of the sessions, instead of the last sesssion. Is this what is expected?
CC: (none) => davidwhodgins
Hi Dave, thank you for your testing! That's indeed the expected behaviour. The important part being that the volumes get unmounted when you logout, as you described. For information, since you modified /etc/pam.d/login, this is for the console login only, so that's normal that nothing happens with gdm/kdm. As for the multiple logins, the first logout should indeed triggers the umount, so that's again normal. Thanks! Cheers, Chris.
Ok. Thanks. I was quite surprised that it managed to unmount an in-use file system. I don't like the idea of first logout doing the unmount, so I'll stick with my scripts and unmount manually. Testing complete on Mageia 2 i586. Chris, did you test on 64 bit? If so, I'll go ahead and validate the update.
Whiteboard: (none) => MGA2-32-OK
Yes, that works for me on x86_64, so you can go ahead with validation. thanks! chris. PS: for the umount, that's tunable, you can ask it to not umount at logout. In any case, if the fs is in use, it should not umount it. In fact I should write a wiki somewhere. Myself I am using pam_mount combined with kdm and a encrypted passwd which is decrypted by my login passwd and used to mount/umount the encrypted volume at login/logout in one go.
Validating the update. Could someone from the sysadmin team push the srpm pam_mount-2.13-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: This update to pam_mount fixes a problem unmounting encrypted volumes at logout, for volumes mounted at login by pam_mount. https://bugs.mageia.org/show_bug.cgi?id=5787
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA2-32-OK => MGA2-32-OK MGA2-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0122
Status: REOPENED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED