[pkg-cryptsetup-devel] Bug#762297: Bug#762297: cryptsetup: fails to create tmp filesystem due to false positive from blkid

Jonas Meurer jonas at freesources.org
Thu Oct 2 11:16:16 UTC 2014


severity 762297 minor
tag 762297 wontfix
thanks

Hi Zygo,

thanks for your bugreport.

Am 20.09.2014 um 22:07 schrieb Zygo Blaxell:
> un_blkid is not a suitable precheck for plain dm-crypt 'tmp' or 'swap'
> devices due to the potential for false positives from previous runs
> on the same device.

That's really unfortunate. To my knowledge, you're the first one who hit
this issue so far.

Unfortunately, no better solution than un_blkid is known to me to
prevent serious data loss in case of device rearrangement or
missconfiguration with plain dm-crypt devices and automated swap or
tmpfs creation. Thus I'll mark the bug as wontfix.

In case that you really know what you're doing, you can set
precheck=/bin/true in the crypttab and prevent the precheck for
particular plain dm-crypt devices that way.

> This bug potentially leads to information disclosure in some
configurations.

This is true for encrypted tmp filesystems if the rootfs is not
encrypted. Still, the boot scripts print clear error messages and the
boot process should fail in that case anyway. It should be obvious that
things don't work as expected in that case ;)

Kind regards,
 jonas



More information about the pkg-cryptsetup-devel mailing list