ecryptfs-users team mailing list archive
-
ecryptfs-users team
-
Mailing list archive
-
Message #00046
Re: Creating an encrypted directory -- cannot umount
On Thu Jan 27, 2011 at 09:49:58PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> Thanks for the helpful reply,
>
> * Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx> [110127 21:21]:
> > On Thu Jan 27, 2011 at 07:37:05PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> > > I'm trying to create an encrypted directory
> > > [...]
> > > I tried this:
> > >
> > > % mkdir .crypto-dir
> > > % chmod 700 .crypto-dir
> > > # aptitude install ecryptfs-utils
> > > # modprobe ecryptfs
> > > # mount -t ecryptfs .crypto-dir .crypto-dir
> > > Passphrase:
> > > [...]
> > >
> > > Then I cd'd into ~/.crypto-dir (as non-root) and created some
> > > files there. But when I try to umount, I'm getting this:
> > >
> > > # umount .crypto-dir
> > > /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs:
> > > undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> > > /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs:
> > > undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> >
> > What does `ldd /sbin/*mount.ecryptfs` give?
>
> % ldd /sbin/*mount.ecryptfs
> /sbin/mount.ecryptfs:
> linux-gate.so.1 => (0xb7f53000)
> libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb7f22000)
> libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7f1f000)
> libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7f1a000)
> libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7dd4000)
> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d5f000)
> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d5b000)
> /lib/ld-linux.so.2 (0xb7f54000)
> /sbin/umount.ecryptfs:
> linux-gate.so.1 => (0xb80af000)
> libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb807e000)
> libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb807a000)
> libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7f33000)
> libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7ebe000)
> libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7eba000)
> libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7eb7000)
> /lib/ld-linux.so.2 (0xb80b0000)
Well, that's not what I was expecting. I'm going to have to look closer
at a Debian system to see what I can find.
>
> > ecryptfs_remove_auth_tok_from_keyring() is in libecryptfs and
> > umount.ecryptfs should be linked against it. I'm guessing that you
> > either have an old libecryptfs laying around somewhere
> > (/usr/local/lib/ ?) or something is wrong with the way that debian is
> > building umount.ecryptfs.
>
> I've never used eCryptfs on this system or anywhere before. Also,
> didn't see anything under /usr/local/lib/ ...
>
> > If you're just wanting umount to work without warnings/errors,
> > `umount -i .crypto-dir` will work until we figure this out. That will
> > bypass the eCryptfs umount helper and will just perform the unmount.
> >
> > Note that the eCryptfs umount helper is what removes your mount key
> > from the kernel keyring. So, if you don't want the key to hang around,
> > you'll need to do something like `keyctl clear @u` after umount with
> > the -i flag.
>
> Excellent, this does the job for now. Next, to wrap up
> `mount -t ecryptfs -o key= ...` in a shell script that queries
> me for the passphrase.
You can also perform a mount, look at the mount options in
/proc/mounts, use those arguments to create an entry in /etc/fstab, and
add the user option. Then, you'll just need to do the following:
$ ecryptfs-add-passphrase
$ mount -i ~/.crypto-dir
You'll be able to do those 2 commands as a regular user and will no
longer have to switch to root for the mount.
Tyler
>
> Best regards,
>
> John
>
>
> --
> John Magolske
> http://B79.net/contact
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ecryptfs-users
> Post to : ecryptfs-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ecryptfs-users
> More help : https://help.launchpad.net/ListHelp
Follow ups
References