Re: ecryptfs doesn´t like noauto and noatime

[Tyler Hicks <tyhicks@canonical.com>]

[-- Attachment #1: Type: text/plain, Size: 2603 bytes --]

On 2012-01-16 10:44:21, Martin Steigerwald wrote:
> Hi!
> 
> I have
> 
> merkaba:~> grep ecrypt /etc/fstab
> /home/.ms               /home/ms                ecryptfs        
> noatime,noauto  0       0
> 
> And get:
> 
> merkaba:~> mount /home/ms

Is this the *exact* mount command that you're running? You're not
invoking /sbin/mount.ecryptfs directly, using mount -t ecryptfs, or
anything else?

> Passphrase: 
> Attempting to mount with the following options:
>   ecryptfs_unlink_sigs
>   ecryptfs_fnek_sig=0408d19ec184c207
>   ecryptfs_key_bytes=32
>   ecryptfs_cipher=aes
>   ecryptfs_sig=0408d19ec184c207
> Error mounting eCryptfs: [-5] Input/output error
> Check your system logs; visit <http://launchpad.net/ecryptfs>
> 
> 
> Still it works.
> 
> 
> In dmesg I see:
> 
> [ 2657.888355] ecryptfs_parse_options: eCryptfs: unrecognized option 
> [noauto]
> [ 2657.888359] ecryptfs_parse_options: eCryptfs: unrecognized option 
> [noatime]

Neither of these options should be making their way to the kernel in the
string form. noauto is consumed by the mount utility and should be
stripped out entirely before constructing the final mount options string
for the kernel. noatime should be stripped out and converted into a
mountflags bit (see man 2 mount).

It looks like ecryptfs_generate_mount_flags() is incomplete since it
forgets to handle some options (at least noatime and noauto). I created
bug #917509 to track this:

https://launchpad.net/bugs/917509

Tyler

> [ 2657.913215] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
> 
> 
> Thus I removed at least noatime, but then I still see:
> 
> [ 2839.460200] ecryptfs_parse_options: eCryptfs: unrecognized option 
> [noauto]
> 
> 
> On could argue about noatime when ecryptfs doesn´t override the setting of 
> the underlying filesystem - i.e. doesn´t write the atime itself. But I 
> think noauto should be silently ignored.
> 
> Without noatime it would ask me the passwort upon boot, but I do not like 
> that since I do not use that user everytime.
> 
> I could use mounting via pam, but I like to have a different password for 
> the user stored in /etc/shadow than the password from the filesystem 
> itself.
> 
> 
> Thanks,
> -- 
> Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
> GPG: 03B0 0D6C 0040 0710 4AFA  B82F 991B EAAC A599 84C7
> --
> To unsubscribe from this list: send the line "unsubscribe ecryptfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]