Public bug reported:

Binary package hint: libpam-mount

libpam-mount fails to detect an already mounted volume when using an encrypted LUKS loopback file. This results in the file being mounted several times at once, leading to file system corruption. The effects of this bug are similar to the one at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358916 but the cause and fix are different.

There is conflicting behavior between the standard mount command and libpam-mount's mount.crypt command. libpam-mount runs the following command:

    mount -t crypt -ouser,loop /home/dap.img /home/dap

This command internally runs /sbin/mount.crypt with (mostly) the same arguments. However, it looks like the mount command intercepts the "-o loop" option and performs a loopback setup of its own, then passes the /dev/loop0 block device to mount.crypt instead of /home/dap.img. The resulting command run by mount is something like this:

    mount.crypt -ouser,loop /dev/loop0 /home/dap

The problem lies in the fact that the mount.crypt script expects the first pathname argument to be the loopback image file, not an already attached loopback block device. As a result mount.crypt does an additional losetup, linking /dev/loop0 to /dev/loop1. So now we have /home/dap.img -> /dev/loop0 (set up by mount), and /dev/loop0 -> /dev/loop1 -> /home/dap (set up by mount.crypt).

When a second login happens, libpam-mount first checks the mount table to see if it needs to do the mount or not. However, it is looking for a mountpoint with /dev/mapper/_home_dap.img as the source, not /dev/mapper/_dev_loop1. It decides that /home/dap.img is not already mounted and does it again.

To replicate the problem (as root):

    # create a file based encrypted file system image
    mkdir /var/tmp/test
    dd if=/dev/urandom of=/var/tmp/test.img bs=1M count=20
    losetup /dev/loop0 /var/tmp/test.img
    # write the LUKS header so that luksOpen has something to open
    cryptsetup luksFormat /dev/loop0
    cryptsetup luksOpen /dev/loop0 test
    mkfs.ext3 /dev/mapper/test
    cryptsetup luksClose test
    losetup -d /dev/loop0

    # mount the file like libpam-crypt would when logging in
    mount -t crypt -oloop,user /var/tmp/test.img /var/tmp/test

    # check mount table and loopback configuration
    mount
    losetup /dev/loop0
    losetup /dev/loop1

My temporary (and horrible) fix is to stop mount.crypt from doing its own loopback setup, since that is apparently handled automatically before the script is run:

[EMAIL PROTECTED]:/# diff -uNr /root/pam_mount/bad/mount.crypt /sbin/mount.crypt
--- /root/pam_mount/bad/mount.crypt 2007-01-12 05:13:31.000000000 -0800 +++ /sbin/mount.crypt 2007-11-04 21:38:53.000000000 -0800 @@ -129,8 +129,11 @@ done IFS="$OLDIFS"; +LOOP=false if [ "$LOOP" == true ]; then + echo "mount.crypt loopback file: $DEVICE" >&2 DEVICE=`_losetup "$DEVICE"`; + echo "mount.crypt loopback device: $DEVICE" >&2 fi # if loop device, make device mapper name based on file pointed to

Maybe there is some way to tell the parent mount command not to do any automatic processing?

I am running on Gutsy, upgraded from Feisty (wasn't using libpam-mount with Feisty). I also have log and conf files if they would be helpful.

Thanks!

** Affects: libpam-mount (Ubuntu)
   Importance: Undecided
   Status: New

--
LUKS encrypted loopback files get double mounted, filesystem corruption follows
https://bugs.launchpad.net/bugs/160124
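
Review bot: the unconditional `LOOP=false` placed directly above `if [ "$LOOP" == true ]; then` in the patch above makes that whole branch unreachable, so the two added `echo ... >&2` lines can never print and `_losetup` is skipped even when mount.crypt is handed an image file rather than a loop device. Rather than overriding the option, keep the parsed value of `LOOP` and guard the `_losetup` call on what `$DEVICE` actually is, for example by skipping it when `[ -b "$DEVICE" ]` is true, and keep the diagnostics inside that guarded path. The new behaviour also deserves a comment in the script explaining that mount may already have attached the loop device before mount.crypt runs.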
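
The second-login check described in the report, as an added example that is not part of the original report and is not libpam-mount's code: it compares a lookup by the image's own mapper name with one that follows stacked loop devices back to the image file. The two tables are constructed from the names in the report, the function names are hypothetical, and the rule that a mapper name is the source path with "/" replaced by "_" is an assumption inferred from the two mapper names the report quotes.

```shell
#!/bin/sh
# Constructed sample state, using the names from the report.
# Loop table: "<loop device> <backing file>"
LOOP_TABLE='/dev/loop0 /home/dap.img
/dev/loop1 /dev/loop0'
# Mount table: "<source> <mountpoint>"
MOUNT_TABLE='/dev/mapper/_dev_loop1 /home/dap'

# Assumption: mapper name = source path with "/" replaced by "_".
dm_name() { printf '%s\n' "$1" | tr '/' '_'; }

# Print the backing file of loop device $1, or nothing if $1 is not one.
backing_of() {
    printf '%s\n' "$LOOP_TABLE" | while read -r ldev lfile; do
        if [ "$ldev" = "$1" ]; then printf '%s\n' "$lfile"; fi
    done
    return 0
}

# Follow stacked loop devices down to the image file (bounded hop count).
resolve_image() {
    cur=$1; hops=0
    while [ "$hops" -lt 8 ]; do
        next=$(backing_of "$cur")
        if [ -z "$next" ]; then break; fi
        cur=$next; hops=$((hops + 1))
    done
    printf '%s\n' "$cur"
}

# Exit 0 if $1 is listed as a source in the mount table.
mounted_source() {
    printf '%s\n' "$MOUNT_TABLE" | awk -v s="$1" '$1 == s { f = 1 } END { exit !f }'
}

# The check as the report describes it: look only for the image's own mapper name.
is_mounted_naive() { mounted_source "/dev/mapper/$(dm_name "$1")"; }

# Also accept a mapper built on any loop device that resolves to the image.
is_mounted_resolved() {
    if is_mounted_naive "$1"; then return 0; fi
    for cand in $(printf '%s\n' "$LOOP_TABLE" | awk '{ print $1 }'); do
        if [ "$(resolve_image "$cand")" = "$1" ] &&
           mounted_source "/dev/mapper/$(dm_name "$cand")"; then return 0; fi
    done
    return 1
}

is_mounted_naive /home/dap.img && echo "naive: mounted" || echo "naive: not mounted"
is_mounted_resolved /home/dap.img && echo "resolved: mounted" || echo "resolved: not mounted"
```

On a live system the two tables would come from `losetup` and the mount table instead of the embedded strings.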
