Encrypted home not mountable under chroot
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | dchroot (Ubuntu) |
Undecided
|
Unassigned | ||
| | ecryptfs-utils (Ubuntu) |
High
|
Unassigned | ||
| | schroot (Ubuntu) |
High
|
Unassigned | ||
Bug Description
Binary package hint: ecryptfs-utils
An schroot has the following fstab defined:
/proc /proc none rw,rbind 0 0
/sys /sys none rw,rbind 0 0
/dev /dev none rw,rbind 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
However, the encrypted home directory is not mounted properly within the chroot, nor will ecryptfs allow the private directory to be mounted manually from within the chroot:
$ schroot
W: Failed to change to directory ‘/home/codegnome’: No such file or directory
W: Falling back to directory ‘/’
I have no name!:/$ ecryptfs-
ERROR: Encrypted private directory is not setup properly
Expected behavior is that the chroot will automatically mount a currently-mounted private directory. Failing that, it should allow the user to mount the private home directory from within the chroot.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ecryptfs-utils 87-0ubuntu1
ProcVersionSign
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Sat Apr 23 11:26:41 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta amd64 (20110330)
ProcEnviron:
LANGUAGE=en_US:en
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)
| Todd A. Jacobs (codegnome) wrote : | #1 |
| Ricardo Kirkner (ricardokirkner) wrote : | #2 |
| Dustin Kirkland (kirkland) wrote : | #3 |
Ricardo,
Thanks for the info! I'll see if there's anything I can do ecryptfs-side to get this fixed...
| Changed in ecryptfs-utils (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
| Todd A. Jacobs (codegnome) wrote : | #4 |
I can confirm that Ricardo's solution works for me, too. This appears to work because the encrypted home directory is actually a sub-mount of /home, thus requiring rbind rather than bind to work. In all likelihood, this is probably correct behavior--just not intuitive or well-documented.
My recommendation is to document the issue in the schroot (and possibly ecryptfs) README, and perhaps adding a working example to the default schroot.conf file or a named sub-directory. Currently, schroot is shipping with configurations for default, desktop, minimal, and sbuild. Perhaps simply adding another configuration directory for "encrypted-desktop" or similar would be the easiest path forward.
| Dustin Kirkland (kirkland) wrote : | #5 |
Adding a task for schroot.
Basically, we need shroot to detect if a user's home directory is encrypted, and if so, modify the default profile at /etc/schroot/
/home /home none rw,rbind 0 0
instead of:
/home /home none rw,bind 0 0
| Changed in schroot (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → High |
| Niko Ehrenfeuchter (he1ix) wrote : | #6 |
Thanks a lot guys for finding the solution to this issue. Behavious is identical as described above on Maverick/10.10 (both, bug + solution).
| tags: | added: maverick |
| Dave01945 (dave01945) wrote : | #7 |
this solution doest work for me the output of /etc/mtab says it is bind but /etc/fstab is set to rbind
| Launchpad Janitor (janitor) wrote : | #8 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in dchroot (Ubuntu): | |
| status: | New → Confirmed |
| Ramana Radhakrishnan (ramana) wrote : | #9 |
I had the same problem and then realized that my schroot config had the following line
script-
While updating fstab in the default case might work in some cases , I had to update fstab in /etc/schroot/
Ramana
| Roger Leigh (rleigh) wrote : | #10 |
Note that we don't currently enable rbind by default due to it interacting badly with autofs. See the other bugs about this. https:/
| information type: | Public → Public Security |
| information type: | Public Security → Public |
| Tyler Hicks (tyhicks) wrote : | #11 |
Please adjust your schroot fstab to bind mount your actual home directory instead of the /home folder:
/home/tyhicks /home/tyhicks none rw,bind 0 0
Marking the ecryptfs-utils task as invalid as this is a schroot configuration issue and not an eCryptfs bug.
| Changed in ecryptfs-utils (Ubuntu): | |
| status: | Triaged → Invalid |
| Mark Carroll (r-mark-4) wrote : | #12 |
This bind to rbind fix works for me too, thank you.
I had this same issue, but I managed to work around it by changing exactly this file.
If you change
/home /home none rw,bind 0 0
to
/home /home none rw,rbind 0 0
the home folder gets mounted properly.
I hope this helps