ecryptfs team mailing list archive

[Bug 426272] Re: Encrypted home directory file Input/output error

 

Hi Duncan-

Thanks for the detailed bug report.  Something strange is going on here.

I have an idea of what might have happened.  Hopefully you can confirm.

With an encrypted home setup, your home directory has two different
"states"...mounted and unmounted.

When your $HOME is unmounted, it will have permissions 500, such that
you can't inadvertently write unencrypted data to $HOME.  However, this
doesn't prevent root from writing data there.

Once your $HOME is mounted, you'll see that entry in your mount table.
And the permissions on $HOME will change to 700, such that your user can
read/write into that mountpoint.

From the errors you're seeing, it looks to me like you copied the files
the kernel is complaining about into the mountpoint when your home
directory was *not* mounted, probably as root.  Can you confirm or deny
this?

To establish the encrypted mount point, you need to first login as your
user, and then copy your existing data (like .gnupg) into $HOME.

:-Dustin

** Changed in: ecryptfs-utils (Ubuntu)
       Status: New => Incomplete

-- 
Encrypted home directory file Input/output error
https://bugs.launchpad.net/bugs/426272
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” package in Ubuntu: Incomplete

Bug description:
This is a fresh install of karmic koala alpha-5 (Ubuntu karmic (development branch)) on a new machine using the alternate install CD (required LVM+software RAID).
The "encrypt home directory" option was selected during the install.  

Once complete I was unable to log in via GDM. This reported problems accessing the $HOME/.ICEauthority file.  
Logging in via the console was possible.  Attempts to read or modify (chown||chmod) the .ICEauthority file as the user or root (again from console) failed with "Input/output error".  Ultimately this was resolved by deleting then recreating (touch .ICEauthority) the file as root.

I have now encountered the same problem accessing files in the $HOME/.gnupg directory while trying to import keys.
A simple script which does an fopen()/fclose() on all files under $HOME when run as either the user or root returns:

Unable to open /home/djf/.compiz-gnomecompat
Unable to open /home/djf/.pulse-cookie
Unable to open /home/djf/gnupg/secring.gpg 
Unable to open /home/djf/gnupg/gpg.conf      
Unable to open /home/djf/gnupg/trustdb.gpg  
Unable to open /home/djf/gnupg/pubring.gpg
Unable to open /home/djf/.config/compiz/compizconfig/config
Unable to open /home/djf/.config/user-dirs.locale
Unable to open /home/djf/.dbus/session-bus/5cf1f2eb5de5eb7933fc8c964aa0e4c9-0
Unable to open /home/djf/.cache/compizconfig/cubeaddon.pb
Unable to open /home/djf/.cache/notify-osd.log
Unable to open /home/djf/.cache/event-sound-cache.tdb.5cf1f2eb5de5eb7933fc8c964aa0e4c9.x86_64-pc-linux-gnu
Unable to open /home/djf/.pulse/5cf1f2eb5de5eb7933fc8c964aa0e4c9-device-volumes.tdb
Unable to open /home/djf/.pulse/5cf1f2eb5de5eb7933fc8c964aa0e4c9-card-database.tdb
Unable to open /home/djf/.pulse/5cf1f2eb5de5eb7933fc8c964aa0e4c9-stream-volumes.tdb

All of these files are owned by the user in question:
djf@unicorn:~/bug$ ls -l /home/djf/.pulse-cookie
-rw------- 1 djf djf 12288 2009-09-07 10:42 /home/djf/.pulse-cookie

The files in gnupg were copied (cp $src $dest) from .gnupg
Between discovering the problem .gnupg files and running the script they started to behave - possibly due to software-properties-gtk being run in that interval (?).

As an example of the access error:
djf@unicorn:~$ cat /home/djf/.config/compiz/compizconfig/config
cat: /home/djf/.config/compiz/compizconfig/config: Input/output error

dmesg gains another of these messages for each failed access:
[87804.727437] Valid eCryptfs headers not found in file header region or xattr region
[87804.727441] Either the lower file is not in a valid eCryptfs format, or the key could not be retrieved. Plaintext passthrough mode is not enabled; returning -EIO

This may also explain why pulseaudio appears to be suffering (device manager says "connection refused",
hence no sources or sinks).

The machine has 2 1TB HDD configured as 3 x software raid 1:
/dev/md0 == /boot                                     (29.80 GB)    ext2
/dev/md1 == encrypted swap                    (29.80 GB)
/dev/md2 == LVM volume group vg00
    /dev/mapper/vg00-root00  == /             (29.80 GB)    ext4
    /dev/mapper/vg00-home00  == /home (29.80 GB)    ext4, user directories encrypted.
    /dev/mapper/vg00-snap00 == /snap     (29.80 GB)    ext4
    /dev/mapper/vg00-data00 == /data      (782.51 GB)   ext4

The encrypted home directory uses the default install, mount reports:
/home/djf/.Private on /home/djf type ecryptfs (ecryptfs_sig=XXXXXX,ecryptfs_fnek_sig=XXXXXX,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
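
The mounted/unmounted distinction from the reply above, turned into a guard that only copies into a home directory when the mount table lists it as type ecryptfs. This is an added example, not part of the original thread or of ecryptfs-utils; the function names are hypothetical and it assumes a mount table in /proc/mounts format and the mode 500 unmounted state the reply describes.

```shell
#!/bin/sh
# Added example (not from the thread): refuse to copy data into a home
# directory unless it is currently an eCryptfs mountpoint.
# Function names are hypothetical; mount table is in /proc/mounts format.

# ecryptfs_mounted DIR [MOUNTS_FILE]: exit 0 if DIR is listed as a mountpoint
# of type ecryptfs. Fields: source mountpoint fstype options dump pass.
ecryptfs_mounted() {
    CHECK_DIR=$1 awk '
        $2 == ENVIRON["CHECK_DIR"] && $3 == "ecryptfs" { found = 1 }
        END { exit !found }
    ' "${2:-/proc/mounts}"
}

# home_state DIR [MOUNTS_FILE]: print the state and return 0 only if mounted.
home_state() {
    if ecryptfs_mounted "$1" "${2:-/proc/mounts}"; then
        echo mounted
        return 0
    fi
    # Unmounted: the reply says the directory should be mode 500 (dr-x------).
    case $(ls -ld "$1" | cut -c1-10) in
        dr-x------) echo unmounted ;;
        *)          echo unmounted-unexpected-perms ;;
    esac
    return 1
}

# copy_into_home SRC DIR [MOUNTS_FILE]: copy only when DIR is mounted.
# The mount-table test also holds for root, whom mode 500 does not stop.
copy_into_home() {
    state=$(home_state "$2" "${3:-/proc/mounts}") || {
        echo "refusing to copy into $2: state is $state" >&2
        return 1
    }
    cp -Rp -- "$1" "$2"/
}

# Run as: sh guard.sh SRC HOME_DIR [MOUNTS_FILE]
if [ "$#" -ge 2 ]; then
    copy_into_home "$@"
fi
```

The check and the copy are separate steps, so the directory can still be unmounted in between them.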