I have configured pam_mount to automatically mount a LUKS-encrypted volume on a user's home directory.
I have added the following line to /etc/security/pam_mount.conf.xml:
<volume user="foo" fstype="crypt" path="/dev/mapper/bar-foo" mountpoint="/home/foo" options="fsck,noatime" />
"bar" is an LVM group and "bar-foo" is a logical volume, if that makes any difference.
I have also added the following lines to /etc/pam.d/login and /etc/pam.d/su:
auth optional pam_mount.so
session optional pam_mount.so
Both lines have been added to the end of their respective chains (i.e. auth optional pam_mount.so is the last "auth" statement). The wiki recommends a "password" line too, but the current pam_mount man pages only recommend "auth" and "session". I noticed no difference when including the "password" line so I left it out.
This setup works. When I log in as foo, the encrypted volume is mounted at /home/foo and remains mounted until the last session of foo logs out.
The problem is that whenever I log in with any account or su, I get the following error messages:
ehd_logctl: feature 1 is already zero
ehd_logctl: feature 1 is already zero
I've tried modifying /etc/security/pam_mount.conf.xml but I was unable to suppress those messages. The message is in the pam_mount log.c file. I haven't debugged it further than that because I suspect that it's a configuration error on my part. I didn't find anything when searching for that message.
The other issue is that when I log in with foo, I get additional messages:
ehd_logctl: feature 1 is already zero
ehd_logctl: feature 1 is already zero
(mount.c:68): Messages from underlying mount program:
(mount.c:72): NOTE: mount.crypt does not support utab (systems with no mtab or read-only mtab) yet. This means that you will temporarily need to call umount.crypt(8) rather than umount(8) to get crypto volumes unmounted.
(mount.c:72): crypt_activate_by_passphrase: File exists
(pam_mount.c:522): mount of /dev/mapper/bar-foo failed
The NOTE is just a temporary warning, but what follows indicates that it's trying to remount the device, i.e. that it's failing to detect that it's already up. The only information I've found about this is here, but that doesn't provide an applicable solution.
Am I doing something wrong?
I've been getting similar messages for months now. My volume mounts correctly, and I can use it without problems. The fact is pam_mount didn't show any error until some update months ago (I think the whole thing started when kernel 3.x entered the core repo).
Did you find a solution?
I wrote a patch to suppress the errors. I have been using it since shortly after I posted this thread without further problems. I have uploaded it along with a PKGBUILD here if you would like to try it.
The rest of this post is just a brief explanation of the patch.
The error is generated when the code detects that a certain value is zero and a request has been made to set it to zero. Presumably this indicates some failed assumption elsewhere in the code, but it does not seem to affect anything. It also seems to me that the error is incorrectly reported using fprint instead of their warning macro (w4rn).
The patch changes the code to use the warning macro and suppresses some logging. If I remember correctly, logging is supposed to be configurable but I think there was another bug in the code that prevented it. I may be wrong though. I haven't looked at it in several months.