New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 689701 link

Starred by 1 user
Status: Archived
Owner: ----
Closed: Jan 10
Cc:
dspaid@chromium.org
uekawa@chromium.org
hashimoto@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

crypohomed: Can not mount one ecryptfs and one ext4 mount at the same time.

Project Member Reported by gwendal@chromium.org, Feb 7 2017 
- mount an ecryptfs vault (installed before switch cryptohomed to ext4 crypto):

Check the keys needed by ecryptfs are in the user keyring:
localhost ~ # keyctl show  
Session Keyring
1042642400 --alswrv      0     0  keyring: _ses
 452281418 --alswrv      0     0   \_ keyring: dircrypt
localhost ~ # keyctl show @us
Keyring
  47680297 --alswrv      0 65534  keyring: _uid_ses.0
 620555071 --alswrv      0 65534   \_ keyring: _uid.0
 190777431 --alswrv      0     0       \_ user: 53c02d3e97ab8953
 160386012 --alswrv      0     0       \_ user: 6fbfa050d0a091ca

- mount an ext4 crypto vault:
The ecryptfs keys are gone:
localhost ~ # keyctl show @s
Keyring
1042642400 --alswrv      0     0  keyring: _ses
 452281418 --alswrv      0     0   \_ keyring: dircrypt
1049271262 ----s--v      0     0       \_ logon: ext4:dfb31a52283878ff
localhost ~ # keyctl show @us
Keyring
  47680297 --alswrv      0 65534  keyring: _uid_ses.0
 620555071 --alswrv      0 65534   \_ keyring: _uid.0


This is expected given we clear the user keyring with platform_->ClearUserKeyring in MountCryptohomeInner(). 
However, won't we need to be able to 2 kind of vaults opened for migration?

Comment 1 by hashimoto@chromium.org, Feb 8 2017 

IIUC eCryptfs needs the key only when calling Mount::RememberMount(), so clearing the user keyring shouldn't affect the already mounted eCryptfs user directories.

Comment 2 by gwendal@chromium.org, Feb 8 2017 

The kernel needs it for the life of the mount:
for instance, in ecryptfs_read_metadata(), we end up requesting the key via ecryptfs_keyring_auth_tok_for_sig(): by definition, ecryptfs can not cache the secret content of the key, defeating the purpose of the keyring.

Comment 3 by hashimoto@chromium.org, Feb 8 2017 

Sorry for the confusion, eCryptfs needs the key, but the key doesn't need to be present under the session keyring after the mount is performed so clearing the keyring doesn't affect the behavior.
You can run "keyctl clear @u" as the root after logging in to an eCryptfs user, and you can still run "keyctl describe" to show the status of the eCryptfs keys.
I'm not familiar with eCryptfs implementation, but I guess it's doing something to prevent the key from being invalidated as long as the mount is alive?

Comment 4 by hashimoto@chromium.org, Feb 8 2017 

BTW, I found that ClearUserKeyring call was added in https://codereview.chromium.org/2645008 (at this time, the function's name was ClearKeyset()).
The change is poorly documented so I cannot figure out the original intention, but I guess it's just to make sure that the keyring is clean.

Because many things have changed since then (e.g. introduction of multi-profile support), I guess it's safe to remove that ClearUserKeyring() call from MountCryptohomeInner().
WDYT?

Comment 5 by benhenry@google.com, Jan 10

Status: Archived (was: Untriaged)
Archiving P3s older than 1 year with no owner or component.

Sign in to add a comment