
#1 2017-10-12 07:02:09

emkay1
Member
Registered: 2016-01-05
Posts: 13

systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

There seems to be a major flaw with systemd 235.0 and session keyrings:

When trying to mount an ecryptfs mount point I get the following errors in journal:

Okt 12 08:46:09 alarm kernel: Could not find key with description: [93ea5779080204e7]
Okt 12 08:46:09 alarm kernel: process_request_key_err: No key
Okt 12 08:46:09 alarm kernel: Could not find valid key in user session keyring for sig specified in mount option: [93ea5779080204e7]
Okt 12 08:46:09 alarm kernel: One or more global auth toks could not properly register; rc = [-2]
Okt 12 08:46:09 alarm kernel: Error parsing options; rc = [-2]

This happens with the new systemd 235.0-1. Using the previous version (234.11-9) everything works as expected.

Using the command "keyctl show" I can see that the session keyring does not contain any of the keys that I inserted with the "ecryptfs-insert-wrapped-passphrase-into-keyring" command (in contrast to the good version).

Last edited by emkay1 (2017-10-12 07:50:50)

Offline

#2 2017-10-12 07:06:33

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

Please paste the output of `pacman -Qi systemd linux`


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2017-10-12 07:21:32

emkay1
Member
Registered: 2016-01-05
Posts: 13

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

The working version lists this output (do you need the output for the defective version 235.0-1 as well?):

Name                     : systemd
Version                  : 234.11-9
Beschreibung             : system and service manager
Architektur              : x86_64
URL                      : https://www.github.com/systemd/systemd
Lizenzen                 : GPL2  LGPL2.1
Gruppen                  : base-devel
Stellt bereit            : nss-myhostname  systemd-tools=234.11  udev=234.11
Hängt ab von             : acl  bash  cryptsetup  dbus  iptables  kbd  kmod  hwids  libcap  libgcrypt  libsystemd  libidn  lz4  pam  libelf  libseccomp  util-linux  xz
Optionale Abhängigkeiten : libmicrohttpd: remote journald capabilities
                           quota-tools: kernel-level quota management
                           systemd-sysvcompat: symlink package to provide sysvinit binaries [Installiert]
                           polkit: allow administration as unprivileged user [Installiert]
Benötigt von             : colord  cups  cups-filters  dhcpcd  libpulse  mkinitcpio  netctl  pcmciautils  php-fpm  polkit  systemd-sysvcompat
Optional für             : Nichts
In Konflikt mit          : nss-myhostname  systemd-tools  udev
Ersetzt                  : nss-myhostname  systemd-tools  udev
Installationsgröße       : 18,23 MiB
Packer                   : Sébastien Luttringer <seblu@seblu.net>
Erstellt am              : Mo 11 Sep 2017 22:12:01 CEST
Installiert am           : Do 12 Okt 2017 08:48:14 CEST
Installationsgrund       : Installiert als Abhängigkeit für ein anderes Paket
Installations-Skript     : Ja
Verifiziert durch        : Nichts

Name                     : linux
Version                  : 4.13.5-1
Beschreibung             : The Linux kernel and modules
Architektur              : x86_64
URL                      : https://www.kernel.org/
Lizenzen                 : GPL2
Gruppen                  : base
Stellt bereit            : Nichts
Hängt ab von             : coreutils  linux-firmware  kmod  mkinitcpio>=0.7
Optionale Abhängigkeiten : crda: to set the correct wireless channels of your country
Benötigt von             : Nichts
Optional für             : Nichts
In Konflikt mit          : Nichts
Ersetzt                  : Nichts
Installationsgröße       : 92,71 MiB
Packer                   : Tobias Powalowski <tpowa@archlinux.org>
Erstellt am              : Fr 06 Okt 2017 10:00:30 CEST
Installiert am           : Do 12 Okt 2017 08:59:32 CEST
Installationsgrund       : Ausdrücklich installiert
Installations-Skript     : Ja
Verifiziert durch        : Signatur

Last edited by emkay1 (2017-10-12 07:50:32)

Offline

#4 2017-10-12 07:23:51

emkay1
Member
Registered: 2016-01-05
Posts: 13

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

This is the output for the defective version:

Name                     : systemd
Version                  : 235.0-1
Beschreibung             : system and service manager
Architektur              : x86_64
URL                      : https://www.github.com/systemd/systemd
Lizenzen                 : GPL2  LGPL2.1
Gruppen                  : base-devel
Stellt bereit            : nss-myhostname  systemd-tools=235.0  udev=235.0
Hängt ab von             : acl  bash  cryptsetup  dbus  iptables  kbd  kmod  hwids  libcap  libgcrypt  libsystemd  libidn  lz4  pam  libelf  libseccomp  util-linux  xz
Optionale Abhängigkeiten : libmicrohttpd: remote journald capabilities
                           quota-tools: kernel-level quota management
                           systemd-sysvcompat: symlink package to provide sysvinit binaries [Installiert]
                           polkit: allow administration as unprivileged user [Installiert]
Benötigt von             : colord  cups  cups-filters  dhcpcd  libpulse  mkinitcpio  netctl  pcmciautils  php-fpm  polkit  systemd-sysvcompat
Optional für             : Nichts
In Konflikt mit          : nss-myhostname  systemd-tools  udev
Ersetzt                  : nss-myhostname  systemd-tools  udev
Installationsgröße       : 18,49 MiB
Packer                   : Christian Hesse <arch@eworm.de>
Erstellt am              : Fr 06 Okt 2017 11:19:14 CEST
Installiert am           : Do 12 Okt 2017 09:22:40 CEST
Installationsgrund       : Installiert als Abhängigkeit für ein anderes Paket
Installations-Skript     : Ja
Verifiziert durch        : Signatur

Name                     : linux
Version                  : 4.13.5-1
Beschreibung             : The Linux kernel and modules
Architektur              : x86_64
URL                      : https://www.kernel.org/
Lizenzen                 : GPL2
Gruppen                  : base
Stellt bereit            : Nichts
Hängt ab von             : coreutils  linux-firmware  kmod  mkinitcpio>=0.7
Optionale Abhängigkeiten : crda: to set the correct wireless channels of your country
Benötigt von             : Nichts
Optional für             : Nichts
In Konflikt mit          : Nichts
Ersetzt                  : Nichts
Installationsgröße       : 92,71 MiB
Packer                   : Tobias Powalowski <tpowa@archlinux.org>
Erstellt am              : Fr 06 Okt 2017 10:00:30 CEST
Installiert am           : Do 12 Okt 2017 08:59:32 CEST
Installationsgrund       : Ausdrücklich installiert
Installations-Skript     : Ja
Verifiziert durch        : Signatur

Last edited by emkay1 (2017-10-12 07:50:19)

Offline

#5 2017-10-12 07:31:31

emkay1
Member
Registered: 2016-01-05
Posts: 13

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

"keyctl show" for the good version:

Session Keyring
  87034951 --alswrv      0 65534  keyring: _uid_ses.0
 378599786 --alswrv      0 65534   \_ keyring: _uid.0
 343506036 --alswrv      0     0       \_ user: b3f444e1348ea69f
 425129823 --alswrv      0     0       \_ user: 8cc61a725e780b94
 871062438 --alswrv      0     0       \_ user: 5f4ed5d10ebe127c
 437269071 --alswrv      0     0       \_ user: 93ea5779080204e7

"keyctl show" for the bad version:

Session Keyring
 657781657 --alswrv      0 65534  keyring: _ses
 409974650 --alswrv      0 65534   \_ keyring: user

Last edited by emkay1 (2017-10-12 07:49:59)

Offline

#6 2017-10-12 07:40:33

emkay1
Member
Registered: 2016-01-05
Posts: 13

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

It seems there is already a bug report about this: https://bugs.archlinux.org/task/55943

P.S.: Sorry for the many replies. Will do better in the future!

Last edited by emkay1 (2017-10-12 07:48:58)

Offline

#7 2017-10-12 07:44:00

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,845
Website

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

Please stop multi-posting. If you have more information to add to your post, and you are the last person to post something, please use the edit button to append the information to your post.

Also, please use code tags: https://wiki.archlinux.org/index.php/Co … s_and_code


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#8 2017-10-13 22:12:46

loqs
Member
Registered: 2014-03-06
Posts: 17,323

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

It would be useful if a few more users posted the output of `keyctl show` or indicated whether it looks like one of the following:

Session Keyring
87034951 --alswrv 0 65534 keyring: _uid_ses.0
378599786 --alswrv 0 65534 \_ keyring: _uid.0

A differences keyring: _uid_ses.$UID with a keyring _uid.$UID attached (systemd 234.11-9)

Session Keyring
 657781657 --alswrv      0 65534  keyring: _ses
 409974650 --alswrv      0 65534   \_ keyring: user

B differences keyring: _ses.$UID with a keyring user attached (systemd 235.0-1)

Session Keyring
700632667 --alswrv 0 0 keyring: _ses
128926383 ----s-rv 0 0 \_ user: invocation_id

C differences keyring: _ses.$UID with _user:invocation_id attached (systemd 235.0-1)
D None of the above

Offline

#9 2017-10-13 22:31:55

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

systemd 235.0-1

slithery@red:~$ keyctl show
Session Keyring
 309319314 --alswrv   1000  1000  keyring: _ses
 437443497 --alswrv   1000 65534   \_ keyring: _uid.1000

No, it didn't "fix" anything. It just shifted the brokenness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#10 2017-11-03 17:26:38

marcho
Member
Registered: 2017-11-03
Posts: 1

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

Apparently the kernel is giving a somewhat faulty message. The issue is not that the user session keyring does not have the given key, but that it was not linked to the session keyring. Use "keyctl show @us" to show the user-session keyring, and "keyctl show @s" to show the session keyring.
Some more info here, including the maintainer's response:
https://www.spinics.net/lists/keyrings/msg03243.html

The way to fix this is to include pam_keyinit in the relevant file in /etc/pam.d/(gdm_password,sshd?), but make sure it's not overly permissive (like giving it to systemd in general) because then all processes have access to the credentials.

Offline
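
As an added example (not part of any post in this thread), the check described in post #10 can be scripted: given `keyctl show @s` output, decide whether an eCryptfs key signature is reachable from the session keyring. It assumes the user keyring appears as `_uid.<uid>`, as in the outputs posted above; `check_sig` and the sample variables are hypothetical names.

```shell
#!/bin/sh
# Added example: classify `keyctl show @s` output for one eCryptfs key signature.

# Constructed samples, trimmed from the outputs posted earlier in this thread.
GOOD_SAMPLE='Session Keyring
  87034951 --alswrv      0 65534  keyring: _uid_ses.0
 378599786 --alswrv      0 65534   \_ keyring: _uid.0
 437269071 --alswrv      0     0       \_ user: 93ea5779080204e7'
BAD_SAMPLE='Session Keyring
 657781657 --alswrv      0 65534  keyring: _ses
 409974650 --alswrv      0 65534   \_ keyring: user'

# check_sig SIG   (reads `keyctl show` text on stdin)
# Prints one of:
#   reachable                   key with that signature hangs off the session keyring
#   user-keyring-linked-no-key  _uid.<uid> is linked, but the key was never inserted
#   user-keyring-not-linked     _uid.<uid> is not linked, so mount(8) cannot see keys in it
#   invalid-sig                 SIG is not lowercase hex (returns 2)
check_sig() {
    case "$1" in
        ''|*[!0-9a-f]*) echo "invalid-sig"; return 2 ;;
    esac
    awk -v sig="$1" '
        # Assumption: the per-user keyring is listed as "keyring: _uid.<uid>".
        $0 ~ /keyring: _uid\.[0-9]+[ \t]*$/ { linked = 1 }
        # eCryptfs keys are "user" type keys described by their signature.
        $0 ~ ("user: " sig "[ \t]*$")       { found = 1 }
        END {
            if (found)       print "reachable"
            else if (linked) print "user-keyring-linked-no-key"
            else             print "user-keyring-not-linked"
        }'
}

# Live use (needs keyutils):  keyctl show @s | check_sig 93ea5779080204e7
```

When the result is `user-keyring-not-linked`, `keyctl link @u @s` links the user keyring into the current session keyring for that session; the persistent fix is the pam_keyinit configuration discussed in this thread.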

#11 2017-11-08 01:25:30

loqs
Member
Registered: 2014-03-06
Posts: 17,323

Re: systemd 235.0-1 kills ecryptfs mounting / inserting into keyring

@marcho are you experiencing the issue? pam_keyinit was already added to /etc/pam.d/system-login; the issue for emkay1 was using sshd with a configuration that did not use PAM, as is covered in the linked bug report.

Offline
