kernel-packages team mailing list archive

Thread
Date

[Bug 1377924] Re: ecryptfs fails to mount (Unable to link the KEY_SPEC_USER_KEYRING into the KEY_SPEC_SESSION_KEYRING)

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Eugene San <eugenesan@xxxxxxxxx>
Date: Tue, 28 Oct 2014 12:49:59 -0000
Reply-to: Bug 1377924 <1377924@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've learned that the issue is not related to kernel version but caused
by environment under which mount is executed.

On my systems (14.04), it fails when executed inside x2go session but
manages to operate when connected via physical VT or SSH.

May be it's related to apparmor, but how x2go and ssh are different in that perspective? They both spawned as by sshd.
Also additional environments like vnc and rdp might be affected.

Below is strace of failing attempt.

===
"ecryptfs-add-passphrase --fnek" works but mount fails:
===
sudo strace mount -o no_sig_cache,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,passwd=dummy,ecryptfs_sig=xxxxxxxxxxxxxxxx,ecryptfs_fnek_sig=yyyyyyyyyyyyyyy -t ecryptfs /media/storage/backup/home/.ecryptfs/user/.Private /media/storage/backup/home/user
...
stat("/sbin/mount.ecryptfs", {st_mode=S_IFREG|0755, st_size=25880, ...}) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fb366a0bb50) = 11423
wait4(-1, Unable to link the KEY_SPEC_USER_KEYRING into the KEY_SPEC_SESSION_KEYRING; there is something wrong with your kernel keyring. Did you build key retention support into your kernel?
[{WIFEXITED(s) && WEXITSTATUS(s) == 251}], 0, NULL) = 11423
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=11423, si_status=251, si_utime=0, si_stime=1} ---
exit_group(251)                         = ?
+++ exited with 251 +++
===


** Changed in: linux (Ubuntu)
       Status: Incomplete => Opinion

** Also affects: apparmor
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1377924

Title:
  ecryptfs fails to mount (Unable to link the KEY_SPEC_USER_KEYRING into
  the KEY_SPEC_SESSION_KEYRING)

Status in “apparmor” package in Ubuntu:
  New
Status in “linux” package in Ubuntu:
  Opinion
Status in “openssh” package in Ubuntu:
  New

Bug description:
  This is a reincarnation of Bug #1234412.

  Looks like issue is not related to specific kernel versions.

  Currently I am observing two Trusty (14.04) machines, with very close configuration, running same kernel:
  3.13.0-36-generic #63-Ubuntu SMP Wed Sep 3 21:30:07 UTC 2014 x86_64.

  One is able to mount without the problem but the other is refusing:
  $ mount -t ecryptfs sec sec
  Unable to link the KEY_SPEC_USER_KEYRING into the KEY_SPEC_SESSION_KEYRING; there is something wrong with your kernel keyring. Did you build key retention support into your kernel?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1377924/+subscriptions

References

[Bug 1377924] [NEW] ecryptfs fails to mount (Unable to link the KEY_SPEC_USER_KEYRING into the KEY_SPEC_SESSION_KEYRING)
From: Eugene San, 2014-10-06