Encrypted Home mount regression when eCryptfs is built as a module
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
eCryptfs | Fix Released | High | Tyler Hicks |
Bug Description
ecryptfs-utils-99 is affected by this regression.
The privilege dropping changes contributed in bug #1020904 caused a regression when eCryptfs is built as a kernel module and the module is not loaded when the Encrypted Home user first logs in.
When the user logs in, their home directory will not be properly mounted. This error message will be found in the auth.log:
pam_ecryptfs: Can't check if kernel supports ecryptfs
pam_ecryptfs attempts to load the eCryptfs kernel module and errors out because that fails. The module load is attempted after the privileges have been dropped, so this will always fail.
Workaround:
Add ecryptfs to the list of modules to be autoloaded at boot. /etc/modules is the appropriate file to modify in Ubuntu.
I tried to simply remove the ecryptfs_get_version() call from pam_sm_authenticate() but that resulted in a strange race condition where the module was loaded, the mount was performed, but filenames were not decrypted.
I believe removing the ecryptfs_get_version() call is the correct fix, but more investigation is needed to understand/correct the race condition.
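
The workaround described above, as an added script that is not part of the bug report or of ecryptfs-utils: it reports whether eCryptfs is already registered with the kernel or listed for autoload at boot, and appends it to an /etc/modules-style file only when missing. The function names are hypothetical and the sample files are constructed; on a real host the functions would be pointed at /proc/filesystems and /etc/modules.

```shell
#!/bin/sh
# Added example: audit and apply the /etc/modules workaround.
# Function names are hypothetical; file paths are passed in so the logic can
# be exercised on constructed copies instead of the live system files.

# True if the running kernel already has eCryptfs registered (built in, or
# module already loaded). $1: a file in /proc/filesystems format.
ecryptfs_registered() {
    awk '$NF == "ecryptfs" { found = 1 } END { exit !found }' "$1"
}

# True if a non-comment line in $1 (/etc/modules format) names ecryptfs.
ecryptfs_autoloaded() {
    awk '{ sub(/#.*/, "") } $1 == "ecryptfs" { found = 1 } END { exit !found }' "$1"
}

# Append ecryptfs to $1 unless it is already listed (safe to run repeatedly).
ensure_autoload() {
    ecryptfs_autoloaded "$1" && return 0
    [ -z "$(tail -c 1 "$1")" ] || echo >> "$1"   # file lacked a final newline
    printf 'ecryptfs\n' >> "$1"
}

# Classify a host as "registered", "autoload" or "exposed".
# $1: /proc/filesystems-style file, $2: /etc/modules-style file.
assess() {
    if ecryptfs_registered "$1"; then echo registered
    elif ecryptfs_autoloaded "$2"; then echo autoload
    else echo exposed
    fi
}

# Constructed sample input: module not loaded, workaround only commented out.
demo_dir=$(mktemp -d)
printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$demo_dir/filesystems"
printf '# /etc/modules: kernel modules to load at boot\nlp\n#ecryptfs\n' > "$demo_dir/modules"

echo "before: $(assess "$demo_dir/filesystems" "$demo_dir/modules")"
ensure_autoload "$demo_dir/modules"
echo "after:  $(assess "$demo_dir/filesystems" "$demo_dir/modules")"
rm -rf "$demo_dir"
```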