libdm returns wrong error code when dm-verity key cannot be found
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lvm2 (Ubuntu) | Fix Released | Undecided | Unassigned |
Noble | Fix Released | Undecided | Unassigned |
Bug Description
When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues.
This is a problem when software like systemd, via libcryptsetup, tries to open a volume and gets an unrecognizable error out of it. With the fix in libdm and libcryptsetup, there is a clear ENOKEY returned when a key is missing and activation fails for that reason. This allows systemd (and other applications) to make the right decision depending on the failure case. Without this, the same generic error is returned in any case.
For more details, see:
https:/
libcryptsetup 2.7.0, now available in Debian stable, and systemd v255, shipped in Noble, make use of this error code.
This is fixed in the lvm2 version 2.03.23 upstream release.
Please consider backporting this patch for Noble.
Upstream PR: https:/
Upstream commit: 25ef7a7b1a876f4
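
The failure class described in this report, as an added example that is not code from lvm2, libcryptsetup or systemd: a wrapper that reports only success or failure loses the ENOKEY the caller needs, while one that saves errno right after the failed call and returns it negated lets the caller tell a missing key from any other error. All function names and the simulated ioctl are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed stand-in for the kernel ioctl that loads a signed dm-verity
 * table: fails with the requested errno, 0 means success. Hypothetical. */
static int fake_verity_ioctl(int kernel_errno)
{
    if (kernel_errno) { errno = kernel_errno; return -1; }
    return 0;
}

/* Constructed stand-in for cleanup or logging that overwrites errno. */
static void fake_cleanup(void) { errno = EINVAL; }

/* Lossy wrapper: returns only 1 (ok) or 0 (failed); the cause is left in
 * errno, where later calls clobber it. */
static int activate_lossy(int kernel_errno)
{
    int ok = fake_verity_ioctl(kernel_errno) == 0;
    fake_cleanup();
    return ok;
}

/* Propagating wrapper: saves errno immediately, returns 0 or -errno. */
static int activate_propagating(int kernel_errno)
{
    int saved = 0;
    if (fake_verity_ioctl(kernel_errno) < 0)
        saved = errno;              /* capture before anything else runs */
    fake_cleanup();
    return -saved;
}

enum verdict { ACTIVATED, MISSING_KEY, OTHER_FAILURE };

/* Caller policy keyed on a negative-errno result. */
static enum verdict classify(int r)
{
    return r == 0 ? ACTIVATED : r == -ENOKEY ? MISSING_KEY : OTHER_FAILURE;
}

/* Best a caller of the lossy wrapper can do: trust whatever errno holds. */
static enum verdict classify_lossy(int ok)
{
    return ok ? ACTIVATED : classify(-errno);
}

int main(void)
{
    printf("lossy: %d\n", classify_lossy(activate_lossy(ENOKEY)));
    printf("propagating: %d\n", classify(activate_propagating(ENOKEY)));
    return 0;
}
```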
Related branches
- Gianfranco Costamagna (community): Approve
- git-ubuntu import: Pending requested
- Diff: 82 lines (+68/-0), 2 files modified
  - debian/patches/libdm-propagate-ioctl-errors-back-to-caller.patch (+67/-0)
  - debian/patches/series (+1/-0)
Changed in lvm2 (Ubuntu Noble):
status: New → Confirmed
description: updated
Merge request opened at https://code.launchpad.net/~bluca/ubuntu/+source/lvm2/+git/lvm2/+merge/460984