Kernel missing /proc/keys

Bug #1344405 reported by Will Merkens on 2014-07-18
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Tim Gardner
Tim Gardner
Tim Gardner

Bug Description

lsb_release -rd
Description: Ubuntu 14.04 LTS
Release: 14.04

apt-cache policy linux-generic

  Version table: 0
        500 trusty-updates/main amd64 Packages
        500 trusty-security/main amd64 Packages
 *** 0
        500 trusty/main amd64 Packages
        100 /var/lib/dpkg/status


When attempting to clear NFS uid/gid cache I ran nfsidmap -c

expected Result
no response, nfsidmap does not return anything if it completes properly

[root@quebec ~]# nfsidmap -c
[root@quebec ~]#

What did happen

root@u1404vm:~# nfsidmap -c
nfsidmap: fopen(/proc/keys) failed: No such file or directory

I checked /proc and the /proc/key-users file and the /proc/sys/kernel/keys directory were there.

I Looked up Kernel Key Management and saw that /proc/keys was needed to hold the key pairs used by the kernel.

 From Google'ng the following kernel option needs to be enabled


or /proc/keys does not get created.

I checked /boot/config-3.13.0-24-generic and that option is not enabled.

I checked this on both Centos 6.5/7 and Mageia and they are enabled and /proc/keys exist, nfsidmap -c works.

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Phillip Sz (phillip-sz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command, as it will automatically gather debugging information, in a terminal:
apport-collect BUGNUMBER
When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at

affects: ubuntu → linux (Ubuntu)
Changed in linux (Ubuntu):
status: New → Incomplete
Tim Gardner (timg-tpi) on 2014-07-21
Changed in linux (Ubuntu Trusty):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Utopic):
assignee: nobody → Tim Gardner (timg-tpi)
status: Incomplete → In Progress
Tim Gardner (timg-tpi) on 2014-07-21
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Utopic):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.16.0-6.11

linux (3.16.0-6.11) utopic; urgency=low

  [ Paolo Pisati ]

  * [Config] armhf: MXS_DMA=y && MTD_NAND_GPMI_NAND=m
  * [Config] armhf: KEYBOARD_IMX=m
  * [Config] armhf: build cubox & imx6 DTBs
  * [Config] armhf: RTC_DRV_PCF8523=y

  [ Tim Gardner ]

    - LP: #1344405
    - LP: #1343109
  * Release Tracking Bug
    - LP: #1349196

  [ Upstream Kernel Changes ]

  * rebase to v3.16-rc7
 -- Tim Gardner <email address hidden> Thu, 24 Jul 2014 09:08:55 -0400

Changed in linux (Ubuntu Utopic):
status: Fix Committed → Fix Released
Ralf Aumüller (ralf-aumueller) wrote :

Will this bug be fixed in next kernel update for trusty 14.04?

We have the problem that nfs4-id-mapping didn't work in 14.04 with rpc.idmapd. Sometimes the UIDs are listet as 4294967294.

After rebuilding kernel 3.13.0-32 with build option CONFIG_KEYS_DEBUG_PROC_KEY and using the new mapping method with /proc/keys the problem was fixed. (Had to increase kernel.keys.root_maxkeys and kernel.keys.maxkeys).

Ben Polman (ben-polman) wrote :

I had the same problem and have tried the same remedy, increasing the parameters and rebuld kernel
I did this with 3.13.0-34 on a ubuntu 14.04 client which was running already this kernel in which it was
not fixed.

When can we expect this to be present in a trusty kernel update ?
We are experiencing a lot of trouble with this since we are migrating more machines
to 14.04.
We had and still have the same problem but a lot less frequently on 12.04 clients.
Is the same fix expected to work ?

Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-trusty
Ben Polman (ben-polman) wrote :

I have tested the proposed kernel and it works, /proc/keys gets filled and
nfsidmap -c
now works without complaint

Ben Polman (ben-polman) on 2014-08-21
tags: added: verification-done-trusty
removed: verification-needed-trusty
Launchpad Janitor (janitor) wrote :
Download full text (38.9 KiB)

This bug was fixed in the package linux - 3.13.0-35.62

linux (3.13.0-35.62) trusty; urgency=low

  [ Joseph Salisbury ]

  * Release Tracking Bug
    - LP: #1357148

  [ Brad Figg ]

  * Start new release

  [ dann frazier ]

  * SAUCE: (no-up) Fix build failure on arm64
    - LP: #1353657
  * [debian] Allow for package revisions condusive for branching

  [ David Henningsson ]

  * SAUCE: Call broadwell specific functions from the hda driver
    - LP: #1317865

  [ Edward Lin ]

  * SAUCE: (no-up) Add use native backlight quirk for Dell Inspiron
    - LP: #1332437

  [ Imre Deak ]

  * SAUCE: drm/i915: move power domain init earlier during system resume
    - LP: #1353405

  [ Jani Nikula ]

  * SAUCE: drm/i915: use lane count and link rate from VBT as minimums for
    - LP: #1338582
  * SAUCE: drm/i915/dp: force eDP lane count to max available lanes on BDW
    - LP: #1338582
  * SAUCE: drm/i915: provide interface for audio driver to query cdclk
    - LP: #1188091
  * SAUCE: drm/i915: demote opregion excessive timeout WARN_ONCE to
    - LP: #1351014

  [ Joseph Salisbury ]

  * [Config] updateconfigs after Linux updates

  [ Luis Henriques ]

  * Revert "[Packaging] linux-udeb-flavour -- standardise on linux prefix"

  [ Ming Lei ]

  * Revert "SAUCE: (no-up) ata: Fix the dma state machine lockup for the
    IDENTIFY DEVICE PIO mode command."
    - LP: #1335645

  [ Paulo Zanoni ]

  * SAUCE: drm/i915: consider the source max DP lane count too
    - LP: #1338582

  [ Tim Gardner ]

  * [Config] CONFIG_GPIO_SYSFS=y
    - LP: #1342153
    - LP: #1344405
  * [Config] updateconfigs
    - LP: #1343109
    - LP: #1349028

  [ Timo Aaltonen ]

  * SAUCE: Fix a typo in hda i915_bdw support.
    - LP: #1343140

  [ Upstream Kernel Changes ]

  * Revert "net/mlx4_en: Fix bad use of dev_id"
    - LP: #1347012
  * Revert "ACPI / AC: Remove AC's proc directory."
    - LP: #1356913
  * Revert "mac80211: move "bufferable MMPDU" check to fix AP mode scan"
    - LP: #1356913
  * mm, pcp: allow restoring percpu_pagelist_fraction default
    - LP: #1347088
  * net: Fix permission check in netlink_connect()
    - LP: #1312989
  * netlink: Rename netlink_capable netlink_allowed
    - LP: #1312989
  * net: Move the permission check in sock_diag_put_filterinfo to
    - LP: #1312989
  * net: Add variants of capable for use on on sockets
    - LP: #1312989
  * net: Add variants of capable for use on netlink messages
    - LP: #1312989
  * net: Use netlink_ns_capable to verify the permisions of netlink
    - LP: #1312989
  * netlink: Only check file credentials for implicit destinations
    - LP: #1312989
  * igb: fix stats for i210 rx_fifo_errors
    - LP: #1338893
  * HID: use multi input quirk for 22b9:2968
    - LP: #1339567
  * crypto/nx: disable NX on little endian builds
    - LP: #1338666
  * ACPI / video: Add Dell Inspiron 5737 to the blacklist
    - LP: #1250401
  * Input: elantech - deal with clickpads reportin...

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers