Encrypted home not mountable under chroot

Bug #769595 reported by Todd A. Jacobs
This bug affects 8 people
Affects: schroot (Ubuntu)
Status: Triaged
Importance: High
Assigned to: Unassigned
Milestone:

Bug Description

Binary package hint: ecryptfs-utils

An schroot has the following fstab defined:

/proc /proc none rw,rbind 0 0
/sys /sys none rw,rbind 0 0
/dev /dev none rw,rbind 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0

However, the encrypted home directory is not mounted properly within the chroot, nor will ecryptfs allow the private directory to be mounted manually from within the chroot:

$ schroot
W: Failed to change to directory ‘/home/codegnome’: No such file or directory
W: Falling back to directory ‘/’
I have no name!:/$ ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly

Expected behavior is that the chroot will automatically mount a currently-mounted private directory. Failing that, it should allow the user to mount the private home directory from within the chroot.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ecryptfs-utils 87-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Sat Apr 23 11:26:41 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta amd64 (20110330)
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)

Ricardo Kirkner (ricardokirkner) wrote :

I had this same issue, but I managed to work around it by changing exactly this file.

If you change

/home /home none rw,bind 0 0

to

/home /home none rw,rbind 0 0

the home folder gets mounted properly.

I hope this helps

Dustin Kirkland  (kirkland) wrote :

Ricardo,

Thanks for the info! I'll see if there's anything I can do ecryptfs-side to get this fixed...

Changed in ecryptfs-utils (Ubuntu):
status: New → Triaged
importance: Undecided → High
Todd A. Jacobs (codegnome) wrote :

I can confirm that Ricardo's solution works for me, too. This appears to work because the encrypted home directory is actually a sub-mount of /home, thus requiring rbind rather than bind to work. In all likelihood, this is probably correct behavior--just not intuitive or well-documented.

My recommendation is to document the issue in the schroot (and possibly ecryptfs) README, and perhaps add a working example to the default schroot.conf file or a named sub-directory. Currently, schroot is shipping with configurations for default, desktop, minimal, and sbuild. Perhaps simply adding another configuration directory for "encrypted-desktop" or similar would be the easiest path forward.

Dustin Kirkland (kirkland) wrote :

Adding a task for schroot.

Basically, we need schroot to detect if a user's home directory is encrypted, and if so, modify the default profile at /etc/schroot/default/fstab to use:
  /home /home none rw,rbind 0 0
instead of:
  /home /home none rw,bind 0 0

Changed in schroot (Ubuntu):
status: New → Triaged
importance: Undecided → High
Niko Ehrenfeuchter (he1ix) wrote :

Thanks a lot, guys, for finding the solution to this issue. Behaviour is identical to that described above on Maverick/10.10 (both bug and solution).

tags: added: maverick
Dave01945 (dave01945) wrote :

This solution doesn't work for me: the output of /etc/mtab says it is bind, but /etc/fstab is set to rbind.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dchroot (Ubuntu):
status: New → Confirmed
Ramana Radhakrishnan (ramana) wrote :

I had the same problem and then realized that my schroot config had the following line

script-config=desktop/config

While updating fstab in the default case might work in some cases, I had to update fstab in /etc/schroot/desktop/fstab and then it all worked.

Ramana

Roger Leigh (rleigh) wrote :

Note that we don't currently enable rbind by default due to it interacting badly with autofs. See the other bugs about this. https://bugs.launchpad.net/ubuntu/+source/schroot/+bug/791908

IbuntuZ (ibrob00)
information type: Public → Public Security
David Planella (dpm)
information type: Public Security → Public
Tyler Hicks (tyhicks) wrote :

Please adjust your schroot fstab to bind mount your actual home directory instead of the /home folder:

  /home/tyhicks /home/tyhicks none rw,bind 0 0

Marking the ecryptfs-utils task as invalid as this is a schroot configuration issue and not an eCryptfs bug.

Changed in ecryptfs-utils (Ubuntu):
status: Triaged → Invalid
Mark Carroll (r-mark-4) wrote :

This bind to rbind fix works for me too, thank you.

Mathew Hodson (mhodson)
no longer affects: dchroot (Ubuntu)
no longer affects: ecryptfs-utils (Ubuntu)
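
The detection discussed in this thread can be sketched as a check of a profile's fstab against the mount table; this is an added example, not code from the bug report, schroot or ecryptfs-utils. It generalizes beyond eCryptfs to any filesystem mounted below a plain "bind" source and prints the filesystem type, so an eCryptfs home can be told apart from the autofs mounts that are the reason rbind is not the default. The function name, the sample mount table and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not schroot or ecryptfs-utils code.
# find_shadowed_binds MOUNTS FSTAB
#   MOUNTS: file in /proc/mounts format; FSTAB: an schroot profile fstab.
#   For every fstab entry mounted with plain "bind", print one line
#   "<source> <submount> <fstype>" per filesystem mounted below the source.
#   Those submounts do not appear inside the chroot.
find_shadowed_binds() {
    awk '
        # First file: record each mount point and its filesystem type.
        FILENAME == ARGV[1] { fstype[$2] = $3; next }
        # Second file: skip comments, blank and incomplete lines.
        $1 ~ /^#/ || NF < 4 { next }
        {
            plain = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "bind") plain = 1
            if (!plain) next    # rbind, or not a bind mount
            prefix = ($1 == "/") ? "/" : $1 "/"
            for (mp in fstype)
                if (mp != $1 && index(mp, prefix) == 1)
                    print $1, mp, fstype[mp]
        }
    ' "$1" "$2" | sort
}

# Constructed sample data: the fstab from the report plus a mount table with
# an eCryptfs home and an autofs mount under /home.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/mounts" <<'EOF'
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/home/.ecryptfs/codegnome/.Private /home/codegnome ecryptfs rw,nosuid,nodev 0 0
auto.home /home/shared autofs rw,relatime 0 0
/dev/sdb1 /homework ext4 rw,relatime 0 0
EOF
cat > "$sample/fstab" <<'EOF'
/proc /proc none rw,rbind 0 0
/sys /sys none rw,rbind 0 0
/dev /dev none rw,rbind 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
EOF

find_shadowed_binds "$sample/mounts" "$sample/fstab"
```

On a live system, pass /proc/mounts and the fstab of the profile the chroot actually uses, for example /etc/schroot/desktop/fstab when the schroot config sets script-config=desktop/config.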