[pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it

[Christoph Anton Mitterer]

Package: cryptsetup
Version: 2:1.1.2-1
Severity: normal


Hi Jonas.

This is rather for the records, than a real bug.

I'm currently investigating in the problems that occur, when having fully
encrypted systems (root-fs on dm-crypt) and the block layers are even stacked
(e.g. with lvm2, mdadm, etc).

I noticed a problem in lvm2, that when the root-fs is on top of lvm, it cannot
close the VG on shutdown/reboot, as / is only remounted-ro (which even happens
after lvm2 stop)... anyway.

The same problem must obviously appear with cryptsetup.
However, I never saw a warning.

Do you generally not warn, if devices could not be closed, or just for root?
If you generally do not warn that could be a problem, if e.g. users set up
dm-crypt devices on a loopback device, because people wouldn not notice,
if closing of dm-crypt device did not work, and therfore also not closing
of the loopback device and clean unmounting of the underlaying filesystem.

For the root-fs it could be a problem, if it's not secured that on the
remount,ro of the root-fs just before halt/reboot, everything that the
fs worte out, has already passed dm-crypt (and further) layer to the disk.
I'll ask at lkml on how this works.


Cheers,
Chris.