[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap
Martin Pitt
martin.pitt at ubuntu.com
Fri Jun 12 07:26:08 UTC 2015
We need to fix existing stables at least, including trusty. Even though
upstart doesn't give you a hint/error about the broken swap
configuration, we are still using unencrypted swap there
unintentionally. For an SRU we need to extend our horrible ecryptfs
postinst hack to detect this situation, apply the "offset=" to crypttab,
and comment out the unencrypted swap from /etc/fstab.

Given that we have shipped broken swap partitions in pretty much every
scenario with ecryptfs (bug 953875, this bug, and to a lesser degree bug
1447282), and static swap partitions are also inflexible and unnecessary
on most modern hardware, we should also consider (for wily and later) to
entirely stop configuring them, and consider other solutions like
"swapspace".
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738
Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs: New
Status in ecryptfs-utils package in Ubuntu: Triaged
Status in ecryptfs-utils source package in Trusty: Triaged
Status in ecryptfs-utils source package in Utopic: Triaged
Status in ecryptfs-utils source package in Vivid: Triaged
Status in ecryptfs-utils source package in Wily: Triaged

Bug description:
When installing Ubuntu with "Use LVM" (but not encryption!), and
"encrypt my home dir", the installer adds the original unencrypted
swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
configures an encrypted swap via a UUID and without offset (which
would trigger bug 953857 again!), so that you end up with *two* swap
configs for one and the same partition, once unencrypted and once
encrypted:

fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

(UUID is for ubuntu--vg-swap_1). This can't work, as the
unencrypted one is faster, so trying to set up the encrypted one
fails.
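
The detection step described in the comment above (find a swap device that is listed unencrypted in fstab and is also the backing device of a crypttab swap mapping, then comment out the unencrypted entry), sketched in Python as an added example; it is not the ecryptfs-utils postinst code. The function names and the UUID_MAP lookup (standing in for `blkid -U`) are assumptions, and the sample input is constructed from the lines quoted in the bug description.

```python
# Constructed sample input, copied from the fstab/crypttab lines in the bug description.
FSTAB = """\
/dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
"""
CRYPTTAB = """\
cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
"""
# Assumption: UUID -> device mapping, as `blkid -U <uuid>` would report on the affected system.
UUID_MAP = {"f636d7ef-9405-482d-a90a-5ba67026fcfb": "/dev/mapper/ubuntu--vg-swap_1"}

def _rows(text):
    """Yield whitespace-split fields of non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()

def resolve(spec, uuid_map):
    """Map a UUID=... spec to a device path; pass other specs through unchanged."""
    if spec.startswith("UUID="):
        return uuid_map.get(spec[5:].lower(), spec)
    return spec

def audit_swap(fstab, crypttab, uuid_map):
    """Return (findings, fixed_fstab) for swap devices configured both plain and encrypted."""
    crypt_backing = {}  # backing device -> (mapper name, option list)
    for f in _rows(crypttab):
        opts = f[3].split(",") if len(f) > 3 else []
        if "swap" in opts:
            crypt_backing[resolve(f[1], uuid_map)] = (f[0], opts)
    findings, out = [], []
    for line in fstab.splitlines():
        f = line.split("#", 1)[0].split()
        dev = resolve(f[0], uuid_map) if len(f) >= 3 and f[2] == "swap" else None
        if dev in crypt_backing:
            name, opts = crypt_backing[dev]
            findings.append({"device": dev, "mapper": name,
                             "has_offset": any(o.startswith("offset=") for o in opts)})
            out.append("#" + line)  # comment out the unencrypted swap entry
        else:
            out.append(line)
    return findings, "\n".join(out) + "\n"

if __name__ == "__main__":
    found, fixed = audit_swap(FSTAB, CRYPTTAB, UUID_MAP)
    print(found)
    print(fixed, end="")
```

The `has_offset` field reports whether the crypttab entry already carries an `offset=` option, which is the other half of the fix the comment calls for.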