[pkg-cryptsetup-devel] Bug#906212: cryptsetup: locking dir missing

Christoph Anton Mitterer calestyo at scientia.net
Wed Aug 15 17:01:35 BST 2018


Ah thanks for your clarification :-)

Best wishes,
Chris.

On Wed, 2018-08-15 at 17:14 +0200, Guilhem Moulin wrote:
> Control: retitle -1 cryptsetup: missing LUKS2 header locking directory
> 
> On Wed, 15 Aug 2018 at 16:41:27 +0200, Christoph Anton Mitterer wrote:
> > Several documents in cryptsetup imply that the distribution
> > needs to take care that:
> > /run/lock/cryptsetup
> > exists and is readable by root only:
> 
> Since v2.0.1 the LUKS2 header lockdir defaults to ‘/run/cryptsetup’, cf.
> 
>     https://gitlab.com/cryptsetup/cryptsetup/commit/6f4c15b2b2d5e7a9cd7e08b55c319b6e272544f6
> 
> > This is not the case in Debian, it seems.
> 
> We ship upstream's /usr/lib/tmpfiles.d/cryptsetup.conf as part of the
> ‘cryptsetup-bin’ package; when PID 1 is systemd, systemd-tmpfiles(8)
> takes care of creating the lockdir with suitable permissions.  Moreover,
> our SysV init scripts and initramfs-tools boot scripts run
> `mkdir -pm0700 /run/cryptsetup`.
> 
> (Also, the directory is created automatically if it doesn't exist but
> its parent does, cf. lib/utils_device_locking.c:open_lock_dir().  That
> behavior is undocumented though, and with “usual” init systems the
> situation should never arise.)
> 
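
A check for the lockdir state discussed in this thread (a real directory, owned by root, mode 0700), written as an added example that is not part of the original messages or of cryptsetup or the Debian packaging. The function name `check_lockdir` and its optional expected-uid argument are assumptions made for illustration, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: audit the LUKS2 header lock directory.
# Usage: check_lockdir [DIR] [EXPECTED_UID]
#   DIR defaults to /run/cryptsetup (the default since v2.0.1 per the thread).
#   EXPECTED_UID defaults to 0 (root); the parameter exists so the check
#   can be exercised on a scratch directory without root.
# Prints one verdict line and returns 0 only when every check passes.
check_lockdir() {
    dir=${1:-/run/cryptsetup}
    want_uid=${2:-0}

    # Refuse a symlink: the check is about the directory itself,
    # not whatever a link happens to point at.
    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory"
        return 1
    fi

    # GNU stat: %a = permission bits in octal, %u = numeric owner.
    mode=$(stat -c '%a' -- "$dir") || return 1
    uid=$(stat -c '%u' -- "$dir") || return 1

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir owned by uid $uid, expected $want_uid"
        return 1
    fi
    # Exactly 700: group/other bits, or setuid/setgid/sticky (which
    # would make %a print four digits), all count as a mismatch.
    if [ "$mode" != "700" ]; then
        echo "FAIL: $dir has mode $mode, expected 700"
        return 1
    fi
    echo "OK: $dir is a directory, uid $uid, mode $mode"
    return 0
}
```

Source the file and call `check_lockdir` with no arguments as root to check the default path on a running system.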


