[pkg-cryptsetup-devel] Bug#575652: cryptsetup: init script "cryptdisks-early" fails during system halt
Alfredo Finelli
0x4146 at gmail.com
Tue Apr 6 17:18:27 UTC 2010

I agree with you about the problem with an encrypted root partition. To
understand how safe it is to ignore the error I investigated the
behaviour of cryptsetup and lvm during shutdown and reboot.

- Cryptsetup. The only effect of luksClose, correct me if I am wrong,
  is to remove the device mappings. I deduced it from reading the
  output of "strace cryptsetup luksClose ...", of which here is an
  excerpt:

    [...]
    3702 open("/dev/mapper/control", O_RDWR|O_LARGEFILE) = 3
    [...]
    3702 ioctl(3, DM_VERSION, 0x8b101d0) = 0
    3702 ioctl(3, DM_TABLE_STATUS, 0x8b101d0) = 0
    3702 ioctl(3, DM_DEV_REMOVE, 0x8b101d0) = 0
    3702 close(3) = 0
    3702 stat64("/dev/mapper/wd3-crypt", {st_mode=S_IFBLK|0660,\
    st_rdev=makedev(254, 6), ...}) = 0
    3702 unlink("/dev/mapper/wd3-crypt") = 0
    3702 exit_group(0) = ?

- LVM. The command "/sbin/vgchange -aly --ignorelockingfailure" fails
  when the devices created by cryptsetup are still present. After some
  more use of strace this is what I think "vgchange" exactly does:

    - remove the VG from the list of available VGs;
    - remove the devices in /dev/mapper, etc.;
    - update /etc/lvm/cache/.cache.

  Since the system is doing shutdown/reboot then it is not a problem if
  the devices are not unlinked and not made unavailable; the file
  /etc/lvm/cache/.cache is not updated but it should be generated again
  during the next boot phase anyway.

It seems, in the end, things don't need to change. Maybe the error
string displayed by the lvm2 init script ("...Failed!", etc.) is a bit
misleading, in that it makes one think about some serious issue while
instead its content is only informational.

Maybe the people maintaining the lvm2 package could be informed about it
and then decide if they agree about the lack of risks in not doing a
vgchange upon shutdown and also about the displayed error message.
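
The approach used in the message above, reading strace output to see which calls actually change state, can be automated. The following is an added example, not part of the original message or of cryptsetup; the sets of calls treated as state-changing are an assumption of this example, and the sample is the excerpt from the message with the wrapped stat64 line joined.

```python
import re

# Excerpt from the message above; the wrapped stat64 line is joined.
SAMPLE = """\
3702 open("/dev/mapper/control", O_RDWR|O_LARGEFILE) = 3
3702 ioctl(3, DM_VERSION, 0x8b101d0) = 0
3702 ioctl(3, DM_TABLE_STATUS, 0x8b101d0) = 0
3702 ioctl(3, DM_DEV_REMOVE, 0x8b101d0) = 0
3702 close(3) = 0
3702 stat64("/dev/mapper/wd3-crypt", {st_mode=S_IFBLK|0660, st_rdev=makedev(254, 6), ...}) = 0
3702 unlink("/dev/mapper/wd3-crypt") = 0
3702 exit_group(0) = ?
"""

# "<pid> <syscall>(<args>) = <return value>", as written by "strace -f".
LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>\S+)')

# Assumption: these sets are this example's choice of "state-changing" calls.
DM_MUTATING = {"DM_DEV_CREATE", "DM_DEV_REMOVE", "DM_DEV_RENAME",
               "DM_DEV_SUSPEND", "DM_TABLE_LOAD", "DM_TABLE_CLEAR"}
FS_MUTATING = {"unlink", "rename", "mknod", "mkdir", "rmdir"}


def side_effects(trace):
    """Return (kind, detail) for each successful state-changing call."""
    found = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        # Every call tracked here returns 0 on success; skip failures,
        # unparsable lines and "[...]" elisions.
        if not m or m["ret"] != "0":
            continue
        call, args = m["call"], m["args"]
        if call == "ioctl":
            parts = [a.strip() for a in args.split(",")]
            if len(parts) > 1 and parts[1] in DM_MUTATING:
                found.append(("dm-ioctl", parts[1]))
        elif call in FS_MUTATING:
            path = re.match(r'"([^"]*)"', args)
            found.append((call, path.group(1) if path else args))
    return found


if __name__ == "__main__":
    for kind, detail in side_effects(SAMPLE):
        print(kind, detail)
```

Run over the excerpt, it reports only the DM_DEV_REMOVE ioctl and the unlink of the /dev/mapper node.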