[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

Martin Pitt martin.pitt at ubuntu.com
Thu Jul 9 10:01:19 UTC 2015


I just did an LVM+ecryptfs installation on trusty, and it turns out that
the even bigger breakage of bug 953875 trumps this bug -- i.e. in
trusty you have a wiped /dev/mapper/ubuntu--vg-swap_1 due to the
ubiquity part of that bug, thus the device in /etc/crypttab is invalid,
and the invalid /etc/fstab mount is displayed quickly by mountall (in
plymouth) but does not block the boot. Thus there is no security issue
for trusty, just no swap and wasted disk space. Once we fix bug 953875
in trusty this one should get fixed as well, though.

** Changed in: ecryptfs-utils (Ubuntu Trusty)
   Importance: High => Medium

** Description changed:

  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted swap
  to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which would
- trigger bug 953857 again!), so that you end up with *two* swap configs
+ trigger bug 953875 again!), so that you end up with *two* swap configs
  for one and the same partition, once unencrypted and once encrypted:
  
  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0
  
  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
  
  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one fails.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738

Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs:
  New
Status in ecryptfs-utils package in Ubuntu:
  In Progress
Status in ecryptfs-utils source package in Trusty:
  Triaged
Status in ecryptfs-utils source package in Utopic:
  Won't Fix
Status in ecryptfs-utils source package in Vivid:
  Triaged
Status in ecryptfs-utils source package in Wily:
  In Progress

Bug description:
  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted
  swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via a UUID and without offset (which
  would trigger bug 953875 again!), so that you end up with *two* swap
  configs for one and the same partition, once unencrypted and once
  encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one
  fails.

More information about the foundations-bugs mailing list
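
A check for the misconfiguration described in the bug, added here as an example (it is not part of the original report or of ecryptfs-utils): it flags an fstab swap entry that activates, unencrypted, the same device a crypttab swap mapping is built on. The function names and the `SAMPLE_UUIDS` table are assumptions made for this example; the sample lines are the ones quoted in the report.

```python
import os

# Constructed sample input: the fstab and crypttab lines quoted in the report.
FSTAB = """\
/dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
"""
CRYPTTAB = """\
cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
"""
# Taken from the report: this UUID belongs to the LVM swap volume.
SAMPLE_UUIDS = {"f636d7ef-9405-482d-a90a-5ba67026fcfb": "/dev/mapper/ubuntu--vg-swap_1"}


def fields(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()


def resolve(spec, uuids=None):
    """Map UUID=... or a device path to one canonical device name.
    With a uuids table (offline use) no filesystem lookup is done."""
    if spec.startswith("UUID="):
        uuid = spec[5:]
        if uuids is not None:
            return uuids.get(uuid, spec)
        return os.path.realpath("/dev/disk/by-uuid/" + uuid)
    return spec if uuids is not None else os.path.realpath(spec)


def plaintext_swap_conflicts(fstab, crypttab, uuids=None):
    """Return (backing device, mapping name) pairs where fstab also
    activates the crypttab swap's backing device directly, unencrypted."""
    backing = {}
    for f in fields(crypttab):  # name, source device, key file, options
        if len(f) >= 4 and "swap" in f[3].split(","):
            backing[resolve(f[1], uuids)] = f[0]
    conflicts = []
    for f in fields(fstab):  # device, mount point, type, options, ...
        if len(f) >= 3 and f[2] == "swap":
            dev = resolve(f[0], uuids)
            if dev in backing:
                conflicts.append((dev, backing[dev]))
    return conflicts
```

On a live system, pass the contents of /etc/fstab and /etc/crypttab and leave `uuids` unset so that device names are resolved through /dev/disk/by-uuid.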