LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-27-2016, 07:01 AM   #1
haary
Member
 
Registered: Apr 2015
Posts: 49

Rep: Reputation: Disabled
Can't access ecryptfs with kernel 4.4.14


I do mount a directory for a second user like this:

Code:
mount -t ecryptfs /home/user2/.Private/ /home/user2/ -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,key=passphrase,ecryptfs_fnek_sig=1234567890abcdef,ecryptfs_unlink_sigs,ecryptfs_passthrough=no
It worked well this way until I upgraded to kernel 4.4.14. The mount itself works, but I can't access the directory any more.

dmesg output:
Code:
[   53.924289] Error opening lower file for lower_dentry [0xeb8a9080] and lower_mnt [0xf08bb0d0]; rc = [-124]
[   53.924294] ecryptfs_open: Error attempting to initialize the lower file for the dentry with name [/]; rc = [-124]
Apparently there were some changes to ecryptfs in 4.4.14. The Announcement from GKH says:

Quote:
Jann Horn (3):
ecryptfs: forbid opening files without mmap handler
Patch to ecryptfs see below. I am not a kernel or C programmer, so I can't tell what went wrong.

Do I need to change something to my mount command or is this a bug?


Code:
--- a/fs/ecryptfs/kthread.c
+++ b/fs/ecryptfs/kthread.c
@@ -25,6 +25,7 @@
 #include <linux/slab.h>
 #include <linux/wait.h>
 #include <linux/mount.h>
+#include <linux/file.h>
 #include "ecryptfs_kernel.h"

 struct ecryptfs_open_req {
@@ -147,7 +148,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
        flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
        (*lower_file) = dentry_open(&req.path, flags, cred);
        if (!IS_ERR(*lower_file))
-               goto out;
+               goto have_file;
        if ((flags & O_ACCMODE) == O_RDONLY) {
                rc = PTR_ERR((*lower_file));
                goto out;
@@ -165,8 +166,16 @@ int ecryptfs_privileged_open(struct file **lower_file,
        mutex_unlock(&ecryptfs_kthread_ctl.mux);
        wake_up(&ecryptfs_kthread_ctl.wait);
        wait_for_completion(&req.done);
-       if (IS_ERR(*lower_file))
+       if (IS_ERR(*lower_file)) {
                rc = PTR_ERR(*lower_file);
+               goto out;
+       }
+have_file:
+       if ((*lower_file)->f_op->mmap == NULL) {
+               fput(*lower_file);
+               *lower_file = NULL;
+               rc = -EMEDIUMTYPE;
+       }
 out:
        return rc;
 }
 
Old 06-27-2016, 10:02 AM   #2
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Did some more testing - decrypted and encrypted the users home directory again with kernel 4.4.14 and the tool ecryptfs-migrate-home. Used ecryptfs-mount-private as the user. The mount itself works. The directory is still not accessible.

However, I can access single files if I type the name (tab completition of bash doesn't work), e.g. 'cat /home/user/foo/bar' works, but 'ls /home/user/foo/ gives the error "Wrong medium type".

It really seems to be a bug. What is the best way to report it upstream?
 
Old 06-27-2016, 01:25 PM   #3
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Tested it with another machine with Slackware64 and current ecryptfs-util - same result.
Reported the issue to the ecryptfs mailing list: http://thread.gmane.org/gmane.comp.f...fs.general/878.

I will test tomorrow, if this happens on other distros with kernel 4.4.14, where PAM is used, as well. Strange, that there are no other reports about this issue yet.
 
1 members found this post helpful.
Old 06-28-2016, 04:03 AM   #4
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
I confirmed, that this bug also appears on Arch Linux (which has PAM and systemd) using their provided linux-lts kernel 4.4.14. However, using the provided default kernel on Arch, which is 4.6.3 and has the same patch to ecryptfs applied as 4.4.14, the error doesn't occur and one can access an ecryptfs mounted directory perfectly normal.

So it seems, that kernel 4.4.14, and perhaps other still maintained LTS kernels where this patch was applied (4.1.27, 3.18.36, 3.14.73) are affected. As for kernel 3.10.x - which is the default kernel in Slackware 14.1 - I can't find the ecryptfs related entry in the changelog of the latest release 3.10.102.

Meanwhile it was stated at the ecryptfs mailing list, that the backported version of the patch needs to be adjusted. So, stay tuned for kernel 4.4.15.
 
4 members found this post helpful.
Old 06-30-2016, 01:10 PM   #5
volkerdi
Slackware Maintainer
 
Registered: Dec 2002
Location: Minnesota
Distribution: Slackware! :-)
Posts: 1,659

Rep: Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087Reputation: 5087
Since I'd rather release Slackware 14.2 with a completely vanilla kernel (and 4.4.15 doesn't seem to be coming soon), I've put the proposed upstream patch for this issue in source/k/, and built packages in /testing/packages containing a fixed ecryptfs kernel module.
 
6 members found this post helpful.
Old 07-01-2016, 12:50 PM   #6
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by volkerdi View Post
Since I'd rather release Slackware 14.2 with a completely vanilla kernel (and 4.4.15 doesn't seem to be coming soon), I've put the proposed upstream patch for this issue in source/k/, and built packages in /testing/packages containing a fixed ecryptfs kernel module.
Sorry, but it didn't work for me. I installed kernel-module-ecryptfs-4.4.14-x86_64-1.txz, even rebooted, but still getting the error "wrong medium type".

Three possibilities:

* I am doing something wrong
* The module in the package still isn't patched
* The patch doesn't work


I will rebuild the whole kernel with the patch applied to see if the patch does work at all.
 
Old 07-01-2016, 03:17 PM   #7
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Rebuilt the kernel on 64bit with the patch applied. Still "wrong medium type" error when accessing directories. It seems that the patch did not work as expected.
 
Old 07-01-2016, 04:22 PM   #8
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
It seems, that the patch is malformed - the guys from Manjaro ran into the same issue:

https://forum.manjaro.org/t/kenel-4-...ne-2016/5001/9

https://github.com/manjaro/packages-...be0bf1eacf6628

I will test with corrected patch applied.
 
Old 07-01-2016, 04:43 PM   #9
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Confirmed - the patch at source/k/linux-4.4.14.ecryptfs.regression.diff is malformed, therefore it doesn't work.
Correct patch is attached. With this, ecryptfs works as expected again.
Attached Files
File Type: txt ecryptfs.patch.txt (1.5 KB, 124 views)
 
3 members found this post helpful.
Old 07-01-2016, 04:58 PM   #10
dr.s
Member
 
Registered: Feb 2010
Distribution: Slackware64-14.2
Posts: 216

Rep: Reputation: 58
Quote:
Originally Posted by haary View Post
Confirmed - the patch at source/k/linux-4.4.14.ecryptfs.regression.diff is malformed, therefore it doesn't work.
Correct patch is attached. With this, ecryptfs works as expected again.
You might want to mark this thread as solved so others can benefit from your solution.
 
Old 07-02-2016, 11:15 AM   #11
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Fixed kernel

If you are affected: ConnochaetOS slack-n-free repo provides kernel images with fixed ecryptfs kernel modules 32bit 64bit
 
Old 08-11-2016, 03:04 AM   #12
haary
Member
 
Registered: Apr 2015
Posts: 49

Original Poster
Rep: Reputation: Disabled
Meanwhile kernel 4.4.17 is released where this issue is finally fixed. All users of ecryptfs should upgrade to this kernel.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Mount ecryptfs file topher83 Linux - Security 1 07-27-2012 12:35 PM
[SOLVED] Need some information on Ecryptfs cruiser Linux - Newbie 1 10-19-2011 06:40 PM
ecryptfs mgrunt Linux - Security 3 10-19-2011 05:24 PM
eCryptfs idlehands Linux - Security 3 10-04-2010 03:22 AM
[ECRYPTFS] ecryptfs_init_miscdev: Error whilst attempting to open [/dev/ecryptfs] nitinarora Linux - Kernel 0 03-22-2010 05:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration