On Thu Jan 27, 2011 at 09:49:58PM -0800, John Magolske <[email protected]> wrote: > Thanks for the helpful reply, > > * Tyler Hicks <[email protected]> [110127 21:21]: > > On Thu Jan 27, 2011 at 07:37:05PM -0800, John Magolske <[email protected]> > > wrote: > > > I'm trying to create an encrypted directory > > > [...] > > > I tried this: > > > > > > % mkdir .crypto-dir > > > % chmod 700 .crypto-dir > > > # aptitude install ecryptfs-utils > > > # modprobe ecryptfs > > > # mount -t ecryptfs .crypto-dir .crypto-dir > > > Passphrase: > > > [...] > > > > > > Then I cd'd into ~/.crypto-dir (as non-root) and created some > > > files there. But when I try to umount, I'm getting this: > > > > > > # umount .crypto-dir > > > /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs: > > > undefined symbol: ecryptfs_remove_auth_tok_from_keyring > > > /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs: > > > undefined symbol: ecryptfs_remove_auth_tok_from_keyring > > > > What does `ldd /sbin/*mount.ecryptfs` give? > > % ldd /sbin/*mount.ecryptfs > /sbin/mount.ecryptfs: > linux-gate.so.1 => (0xb7f53000) > libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb7f22000) > libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7f1f000) > libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7f1a000) > libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7dd4000) > libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d5f000) > libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d5b000) > /lib/ld-linux.so.2 (0xb7f54000) > /sbin/umount.ecryptfs: > linux-gate.so.1 => (0xb80af000) > libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb807e000) > libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb807a000) > libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7f33000) > libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7ebe000) > libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7eba000) > libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7eb7000) > /lib/ld-linux.so.2 (0xb80b0000)
Well, that's not what I was expecting. I'm going to have to look closer at a Debian system to see what I can find. > > > ecryptfs_remove_auth_tok_from_keyring() is in libecryptfs and > > umount.ecryptfs should be linked against it. I'm guessing that you > > either have an old libecryptfs laying around somewhere > > (/usr/local/lib/ ?) or something is wrong with the way that debian is > > building umount.ecryptfs. > > I've never used eCryptfs on this system or anywhere before. Also, > didn't see anything under /usr/local/lib/ ... > > > If you're just wanting umount to work without warnings/errors, > > `umount -i .crypto-dir` will work until we figure this out. That will > > bypass the eCryptfs umount helper and will just perform the unmount. > > > > Note that the eCryptfs umount helper is what removes your mount key > > from the kernel keyring. So, if you don't want the key to hang around, > > you'll need to do something like `keyctl clear @u` after umount with > > the -i flag. > > Excellent, this does the job for now. Next, to wrap up > `mount -t ecryptfs -o key= ...` in a shell script that queries > me for the passphrase. You can also perform a mount, look at the mount options in /proc/mounts, use those arguments to create an entry in /etc/fstab, and add the user option. Then, you'll just need to do the following: $ ecryptfs-add-passphrase $ mount -i ~/.crypto-dir You'll be able to do those 2 commands as a regular user and will no longer have to switch to root for the mount. Tyler > > Best regards, > > John > > > -- > John Magolske > http://B79.net/contact > > _______________________________________________ > Mailing list: https://launchpad.net/~ecryptfs-users > Post to : [email protected] > Unsubscribe : https://launchpad.net/~ecryptfs-users > More help : https://help.launchpad.net/ListHelp _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs-users Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs-users More help : https://help.launchpad.net/ListHelp
