[pkg-cryptsetup-devel] Bug#993725: cryptsetup-initramfs: LV activation disregards activation/auto_activation_volume_list setting

Lukas Schwaighofer lukas at schwaighofer.name
Sun Sep 5 19:13:03 BST 2021 

Hi Guilhem,

thanks for your quick response.

On Sun, 5 Sep 2021 17:04:06 +0200
Guilhem Moulin <guilhem at debian.org> wrote:

> Which concrete problem does this fix?  At initramfs stage only
> required devices (holding /, /usr, the resume device, or those
> explicitely marked ‘initramfs’) are unlocked and we *do* need to
> activate LVs in order to mount these.  So it's unclear to me what's
> the benefit of checking /etc/lvm/lvm.conf is — and a misconfigured
> LVM configuration file could lead to an unbootable system with this
> patch no?

Without the suggested patch it's impossible to prevent some LVs that
share the same volume group as e.g. the root partition from being
activated automatically. Concretely I was trying to work around a
different bug [1] by avoiding automatically opening some LVs using the
`auto_activation_volume_list` option in the lvm.conf. I was surprised
to still see all my LVs activated (and thus the bug triggered,
rendering my system unbootable).

Indeed, if somebody changed their `auto_activation_volume_list` to not
contain the necessary partitions during boot, that would render their
system unbootable.  I believe this is the correct behavior, and this
would also happen in a pure LVM setup since the script from the LVM2
package uses the `-a ay` flag [2].

I've since found a different work around for the original bug I've been
trying to solve, so this is no longer critical for me. I understand you
have to weight the risk of rendering systems unbootable vs having an
option not work exactly as documented, so feel free to close this if
you feel it's not appropriate.

Thanks
Lukas

[1] https://bugs.debian.org/993738
[2] https://salsa.debian.org/lvm-team/lvm2/-/blob/master/debian/initramfs-tools/lvm2/scripts/local-top/lvm2#L23
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20210905/1b79918b/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list