Encrypted home not mountable under chroot

Bug #769595 reported by Todd A. Jacobs on 2011-04-23
This bug affects 9 people
Affects                  Importance  Assigned to
dchroot (Ubuntu)         Undecided   Unassigned
ecryptfs-utils (Ubuntu)  High        Unassigned
schroot (Ubuntu)         High        Unassigned

Bug Description

Binary package hint: ecryptfs-utils

An schroot has the following fstab defined:

/proc /proc none rw,rbind 0 0
/sys /sys none rw,rbind 0 0
/dev /dev none rw,rbind 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0

However, the encrypted home directory is not mounted properly within the chroot, nor will ecryptfs allow the private directory to be mounted manually from within the chroot:

$ schroot
W: Failed to change to directory ‘/home/codegnome’: No such file or directory
W: Falling back to directory ‘/’
I have no name!:/$ ecryptfs-mount-private
ERROR: Encrypted private directory is not setup properly

Expected behavior is that the chroot will automatically mount a currently-mounted private directory. Failing that, it should allow the user to mount the private home directory from within the chroot.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ecryptfs-utils 87-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Sat Apr 23 11:26:41 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta amd64 (20110330)
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)

Todd A. Jacobs (codegnome) wrote :

I had this same issue, but I managed to work around it by changing exactly this file.

If you change

/home /home none rw,bind 0 0

to

/home /home none rw,rbind 0 0

the home folder gets mounted properly.

I hope this helps

Dustin Kirkland (kirkland) wrote :

Ricardo,

Thanks for the info! I'll see if there's anything I can do ecryptfs-side to get this fixed...

Changed in ecryptfs-utils (Ubuntu):
status: New → Triaged
importance: Undecided → High

Todd A. Jacobs (codegnome) wrote :

I can confirm that Ricardo's solution works for me, too. This appears to work because the encrypted home directory is actually a sub-mount of /home, thus requiring rbind rather than bind to work. In all likelihood, this is probably correct behavior--just not intuitive or well-documented.

My recommendation is to document the issue in the schroot (and possibly ecryptfs) README, and perhaps add a working example to the default schroot.conf file or a named sub-directory. Currently, schroot is shipping with configurations for default, desktop, minimal, and sbuild. Perhaps simply adding another configuration directory for "encrypted-desktop" or similar would be the easiest path forward.

Dustin Kirkland (kirkland) wrote :

Adding a task for schroot.

Basically, we need schroot to detect if a user's home directory is encrypted, and if so, modify the default profile at /etc/schroot/default/fstab to use:
  /home /home none rw,rbind 0 0
instead of:
  /home /home none rw,bind 0 0

Changed in schroot (Ubuntu):
status: New → Triaged
importance: Undecided → High
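
The detection described in the comment above, as an added example (not code from schroot, ecryptfs-utils or this report): it compares a profile fstab with the host mount table and reports plain bind entries whose source directory has sub-mounts, such as an eCryptfs home below /home. The function names, file names and sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list schroot fstab entries that use a plain "bind" although
# the host has mounts below the source directory (not carried into the chroot).

# find_shadowed_binds FSTAB MOUNTS
#   FSTAB:  schroot profile fstab (source target type options dump pass)
#   MOUNTS: mount table in /proc/mounts format
# Prints "<source> <sub-mount> <fstype>" for every sub-mount a bind would miss.
find_shadowed_binds() {
    awk '
        # Mount table (first operand): remember mount point -> filesystem type.
        FILENAME == ARGV[1] { fstype[$2] = $3; next }
        # fstab: skip comments, blank and short lines.
        /^[ \t]*#/ || NF < 4 { next }
        {
            plain = 0
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "bind") plain = 1
            if (!plain) next                  # rbind entries carry sub-mounts
            prefix = ($1 == "/") ? "/" : $1 "/"
            for (mp in fstype)                # strictly below the source only
                if (mp != $1 && index(mp, prefix) == 1) print $1, mp, fstype[mp]
        }
    ' "$2" "$1" | sort
}

# Constructed sample data: /home/codegnome is an eCryptfs mount below /home.
write_samples() {
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/home/codegnome/.Private /home/codegnome ecryptfs rw,ecryptfs_cipher=aes 0 0
EOF
    cat > "$1/fstab.bind" <<'EOF'
# profile fstab as posted in the report
/proc /proc none rw,rbind 0 0
/home /home none rw,bind 0 0
/tmp /tmp none rw,bind 0 0
EOF
    sed '/^\/home /s/rw,bind/rw,rbind/' "$1/fstab.bind" > "$1/fstab.rbind"
    sed '/^\/home /s|/home|/home/codegnome|g' "$1/fstab.bind" > "$1/fstab.user"
}

# Demo on the samples; on a real host pass the profile fstab and /proc/mounts.
tmp=$(mktemp -d) && write_samples "$tmp"
for f in bind rbind user; do
    echo "fstab.$f: $(find_shadowed_binds "$tmp/fstab.$f" "$tmp/mounts")"
done
rm -rf "$tmp"
```

Only the plain bind of /home is reported; the rbind variant and a bind of the user's own home directory produce no findings.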

Niko Ehrenfeuchter (he1ix) wrote :

Thanks a lot guys for finding the solution to this issue. Behaviour is identical to that described above on Maverick/10.10 (both bug + solution).

tags: added: maverick

Dave01945 (dave01945) wrote :

This solution doesn't work for me: the output of /etc/mtab says it is bind but /etc/fstab is set to rbind.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in dchroot (Ubuntu):
status: New → Confirmed

Ramana Radhakrishnan (ramana) wrote :

I had the same problem and then realized that my schroot config had the following line

script-config=desktop/config

While updating fstab in the default case might work in some cases, I had to update fstab in /etc/schroot/desktop/fstab and then it all worked.

Ramana

Roger Leigh (rleigh) wrote :

Note that we don't currently enable rbind by default due to it interacting badly with autofs. See the other bugs about this. https://bugs.launchpad.net/ubuntu/+source/schroot/+bug/791908

IbuntuZ (ibrob00) on 2013-12-20
information type: Public → Public Security
David Planella (dpm) on 2013-12-21
information type: Public Security → Public

Tyler Hicks (tyhicks) wrote :

Please adjust your schroot fstab to bind mount your actual home directory instead of the /home folder:

  /home/tyhicks /home/tyhicks none rw,bind 0 0

Marking the ecryptfs-utils task as invalid as this is a schroot configuration issue and not an eCryptfs bug.

Changed in ecryptfs-utils (Ubuntu):
status: Triaged → Invalid

Mark Carroll (r-mark-4) wrote :

This bind to rbind fix works for me too, thank you.
