On Fri, Feb 29, 2008 at 12:28:01PM +0100, Benedikt Driessen wrote: > I'd like to begin with two issues which seem to affect only the > pkcs11_helper-module. > > 1. Entering a PIN via ssh-askpass (or equivalent) does NOT work, > the kernel<->userspace communication seems to be disrupted by the > fork() in daemon.c::prompt_callback(). (I already saw this issue > floating around some time ago..). And yes, I set the timeout value > to "10". > > 2. None of the parameters in ~/.ecryptfsrc.pkcs11 for pkcs11-provider > (e.g. name=xy,library=xy..) seems to be optional, in case the line beginning > with pkcs11-provider does not end with private-mask=xy, the provider library > will not be loaded and eCryptfs will fail with meaningless messages (at > least in non-debug mode).
Alon is probably the best person right now to respond regarding issues with the pkcs11-helper key module. > The following issues seems to be a problem of eCryptfs itself: > > 3. When using kernel 2.6.24 and loading the ecryptfs module, > everything is fine. When I start the ecryptfsd the system crashes > (I'm starting ecryptfsd as root). This is a known bug in eCryptfs+netlink in 2.6.24. I am working on a replacement mechanism for communicating with userspace via procfs instead. In the meantime, some debug work is needed to find out why netlink support in eCryptfs broke between 2.6.23 and 2.6.24. > 4. <!> Data gets corrupted when I do something like the following > (using the pkcs11_helper key module..) <!> > > $ mkdir secret > > $ mount -t ecryptfs secret secret > > $ echo "abc" > secret/test > > $ cat secret/test > > abc > > $ umount secret > > $ mount -t ecryptfs secret secret > > $ echo "def" >> secret/test > > $ cat secret/test > > def Yup; this is a bug all right. I'm surprised it hasn't hit anyone's radar until now. I'll look into it. Mike
pgpFbZIIWLHug.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ eCryptfs-devel mailing list eCryptfs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel