ecryptfs-users team mailing list archive

Thread
Date

Re: Creating an encrypted directory -- cannot umount

To: ecryptfs-users@xxxxxxxxxxxxxxxxxxx
From: John Magolske <listmail@xxxxxxx>
Date: Thu, 27 Jan 2011 21:49:58 -0800
In-reply-to: <20110128050915.GA21732@boyd.l.tihix.com>
User-agent: Mutt/1.5.19 (2009-01-05)

Thanks for the helpful reply,

* Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx> [110127 21:21]:
> On Thu Jan 27, 2011 at 07:37:05PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> > I'm trying to create an encrypted directory 
> > [...]
> > I tried this:
> > 
> >   % mkdir .crypto-dir
> >   % chmod 700 .crypto-dir
> >   # aptitude install ecryptfs-utils
> >   # modprobe ecryptfs
> >   # mount -t ecryptfs .crypto-dir .crypto-dir
> >   Passphrase:
> >   [...]
> > 
> > Then I cd'd into ~/.crypto-dir (as non-root) and created some
> > files there. But when I try to umount, I'm getting this:
> > 
> >   # umount .crypto-dir
> >   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs:
> >   undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> >   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs:
> >   undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> 
> What does `ldd /sbin/*mount.ecryptfs` give?

% ldd /sbin/*mount.ecryptfs
/sbin/mount.ecryptfs:
        linux-gate.so.1 =>  (0xb7f53000)
        libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb7f22000)
        libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7f1f000)
        libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7f1a000)
        libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7dd4000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d5f000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d5b000)
        /lib/ld-linux.so.2 (0xb7f54000)
/sbin/umount.ecryptfs:
        linux-gate.so.1 =>  (0xb80af000)
        libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb807e000)
        libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb807a000)
        libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7f33000)
        libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7ebe000)
        libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7eba000)
        libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7eb7000)
        /lib/ld-linux.so.2 (0xb80b0000)
 
> ecryptfs_remove_auth_tok_from_keyring() is in libecryptfs and
> umount.ecryptfs should be linked against it. I'm guessing that you
> either have an old libecryptfs laying around somewhere
> (/usr/local/lib/ ?) or something is wrong with the way that debian is
> building umount.ecryptfs.

I've never used eCryptfs on this system or anywhere before. Also,
didn't see anything under /usr/local/lib/ ...

> If you're just wanting umount to work without warnings/errors,
> `umount -i .crypto-dir` will work until we figure this out. That will
> bypass the eCryptfs umount helper and will just perform the unmount.
> 
> Note that the eCryptfs umount helper is what removes your mount key
> from the kernel keyring. So, if you don't want the key to hang around,
> you'll need to do something like `keyctl clear @u` after umount with
> the -i flag.

Excellent, this does the job for now. Next, to wrap up
`mount -t ecryptfs -o key= ...` in a shell script that queries
me for the passphrase.

Best regards,

John


-- 
John Magolske
http://B79.net/contact

Follow ups

Re: Creating an encrypted directory -- cannot umount
From: Tyler Hicks, 2011-01-28

References

Creating an encrypted directory -- cannot umount
From: John Magolske, 2011-01-28
Re: Creating an encrypted directory -- cannot umount
From: Tyler Hicks, 2011-01-28