[Kernel-packages] [Bug 1612854] [NEW] ubuntu-device-flash snap doesn't work on eCryptfs encrypted home

Tyler Hicks Fri, 12 Aug 2016 15:41:19 -0700

Public bug reported:

Originally reported by Michael Vogt and investigated by Jamie
Strandboge:


1. create a VM with 5G free space (at least)
2. create a testuser: sudo adduser --encrypt-home testuser
3. add the testuser to 'sudo': sudo adduser testuser sudo
4. login as test user and do:

$ sudo snap install --devmode --edge ubuntu-device-flash
$ sudo DEBUG_DISK=1 strace -o /tmp/trace -f -vv /snap/bin/ubuntu-device-flash 
core 16 --kernel canonical-snapdragon-linux --gadget canonical-dragon --os 
ubuntu-core --channel=edge -o $(pwd)/dragon.img
[sudo] password for testuser: 
Determining gadget configuration
 744.00 KB / 744.00 KB [=======================================] 100.00% 5.62 
MB/s 0
Parallel unsquashfs: Using 1 processor
13 inodes (35 blocks) to write

/tmp/gadget530855550/gadget/fake-gadget/1.0-fake
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/README
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/gpt.bin
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/hyp.mbn
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/meta
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/meta/icon.png
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/meta/snap.yaml
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/rpm.mbn
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/sbl1.mbn
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/sd_appsboot.mbn
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/sec.dat
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/tz.mbn
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/u-boot.img
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/uboot.env
/tmp/gadget530855550/gadget/fake-gadget/1.0-fake/uboot.env.in

created 13 files
created 2 directories
created 0 symlinks
created 0 devices
created 0 fifos

Error: Could not stat device /home/testuser/dragon.img - Permission denied.
issues while partitioning


>From strace:
2007  lstat("/home", {st_dev=makedev(253, 1), st_ino=12, st_mode=S_IFDIR|0755, 
st_nlink=6, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, 
st_atime=2016/08/12-06:05:24.897831278, st_mtime=2016/08/12-06:05:17.465732936, 
st_ctime=2016/08/12-06:05:17.465732936}) = 0
2007  lstat("/home/testuser", {st_dev=makedev(0, 40), st_ino=405, 
st_mode=S_IFDIR|0755, st_nlink=4, st_uid=1001, st_gid=1001, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2016/08/12-06:13:28.992000000, 
st_mtime=2016/08/12-06:14:42.907782272, 
st_ctime=2016/08/12-06:14:42.907782272}) = 0
2007  lstat("/home/testuser/dragon.img", 0x7ffe57228440) = -1 EACCES 
(Permission denied)

But the file exists:
$ stat ./dragon.img 
  File: './dragon.img'
  Size: 3899999744      Blocks: 7617216    IO Block: 4096   regular file
Device: 28h/40d Inode: 101         Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1001/testuser)   Gid: ( 1001/testuser)
Access: 2016-08-12 06:41:46.871343338 -0500
Modify: 2016-08-12 06:41:46.871343338 -0500
Change: 2016-08-12 06:41:46.871343338 -0500
 Birth: -


Doing this in a non-ecryptfs dir:
$ sudo mkdir /home/foo
$ sudo chown testuser:testuser /home/foo
$ cd /home/foo
$ sudo DEBUG_DISK=1 strace -o /tmp/trace -f -vv /snap/bin/ubuntu-device-flash 
core 16 --kernel canonical-snapdragon-linux --gadget canonical-dragon --os 
ubuntu-core --channel=edge -o $(pwd)/dragon.img
...
New image complete
Summary:
 Output: /home/foo/dragon.img
 Architecture: arm64
 Channel: edge
 Version: 0

Looking in this strace:
2032  lstat("/home", {st_dev=makedev(253, 1), st_ino=12, st_mode=S_IFDIR|0755, 
st_nlink=6, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=4096, 
st_atime=2016/08/12-06:05:24.897831278, st_mtime=2016/08/12-06:05:17.465732936, 
st_ctime=2016/08/12-06:05:17.465732936}) = 0
2032  lstat("/home/foo", {st_dev=makedev(253, 1), st_ino=107, 
st_mode=S_IFDIR|0755, st_nlink=2, st_uid=1001, st_gid=1001, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2016/08/12-06:15:28.732042881, 
st_mtime=2016/08/12-06:15:35.783602468, 
st_ctime=2016/08/12-06:15:35.783602468}) = 0
2032  lstat("/home/foo/dragon.img", {st_dev=makedev(253, 1), st_ino=85, 
st_mode=S_IFREG|0644, st_nlink=1, st_uid=1001, st_gid=1001, st_blksize=4096, 
st_blocks=0, st_size=3899999744, st_atime=2016/08/12-06:15:35.783602468, 
st_mtime=2016/08/12-06:15:35.783602468, 
st_ctime=2016/08/12-06:15:35.783602468}) = 0

** Affects: linux (Ubuntu)
     Importance: Medium
     Assignee: Tyler Hicks (tyhicks)
         Status: Triaged

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1612854

Title:
  ubuntu-device-flash snap doesn't work on eCryptfs encrypted home

Status in linux package in Ubuntu:
  Triaged

Bug description:
  Originally reported by Michael Vogt and investigated by Jamie
  Strandboge:

  1. create a VM with 5G free space (at least)
  2. create a testuser: sudo adduser --encrypt-home testuser
  3. add the testuser to 'sudo': sudo adduser testuser sudo
  4. login as test user and do:

  $ sudo snap install --devmode --edge ubuntu-device-flash
  $ sudo DEBUG_DISK=1 strace -o /tmp/trace -f -vv /snap/bin/ubuntu-device-flash 
core 16 --kernel canonical-snapdragon-linux --gadget canonical-dragon --os 
ubuntu-core --channel=edge -o $(pwd)/dragon.img
  [sudo] password for testuser: 
  Determining gadget configuration
   744.00 KB / 744.00 KB [=======================================] 100.00% 5.62 
MB/s 0
  Parallel unsquashfs: Using 1 processor
  13 inodes (35 blocks) to write

  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/README
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/gpt.bin
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/hyp.mbn
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/meta
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/meta/icon.png
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/meta/snap.yaml
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/rpm.mbn
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/sbl1.mbn
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/sd_appsboot.mbn
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/sec.dat
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/tz.mbn
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/u-boot.img
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/uboot.env
  /tmp/gadget530855550/gadget/fake-gadget/1.0-fake/uboot.env.in

  created 13 files
  created 2 directories
  created 0 symlinks
  created 0 devices
  created 0 fifos

  Error: Could not stat device /home/testuser/dragon.img - Permission denied.
  issues while partitioning

  
  From strace:
  2007  lstat("/home", {st_dev=makedev(253, 1), st_ino=12, 
st_mode=S_IFDIR|0755, st_nlink=6, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2016/08/12-06:05:24.897831278, 
st_mtime=2016/08/12-06:05:17.465732936, 
st_ctime=2016/08/12-06:05:17.465732936}) = 0
  2007  lstat("/home/testuser", {st_dev=makedev(0, 40), st_ino=405, 
st_mode=S_IFDIR|0755, st_nlink=4, st_uid=1001, st_gid=1001, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2016/08/12-06:13:28.992000000, 
st_mtime=2016/08/12-06:14:42.907782272, 
st_ctime=2016/08/12-06:14:42.907782272}) = 0
  2007  lstat("/home/testuser/dragon.img", 0x7ffe57228440) = -1 EACCES 
(Permission denied)

  But the file exists:
  $ stat ./dragon.img 
    File: './dragon.img'
    Size: 3899999744    Blocks: 7617216    IO Block: 4096   regular file
  Device: 28h/40d       Inode: 101         Links: 1
  Access: (0644/-rw-r--r--)  Uid: ( 1001/testuser)   Gid: ( 1001/testuser)
  Access: 2016-08-12 06:41:46.871343338 -0500
  Modify: 2016-08-12 06:41:46.871343338 -0500
  Change: 2016-08-12 06:41:46.871343338 -0500
   Birth: -

  
  Doing this in a non-ecryptfs dir:
  $ sudo mkdir /home/foo
  $ sudo chown testuser:testuser /home/foo
  $ cd /home/foo
  $ sudo DEBUG_DISK=1 strace -o /tmp/trace -f -vv /snap/bin/ubuntu-device-flash 
core 16 --kernel canonical-snapdragon-linux --gadget canonical-dragon --os 
ubuntu-core --channel=edge -o $(pwd)/dragon.img
  ...
  New image complete
  Summary:
   Output: /home/foo/dragon.img
   Architecture: arm64
   Channel: edge
   Version: 0

  Looking in this strace:
  2032  lstat("/home", {st_dev=makedev(253, 1), st_ino=12, 
st_mode=S_IFDIR|0755, st_nlink=6, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2016/08/12-06:05:24.897831278, 
st_mtime=2016/08/12-06:05:17.465732936, 
st_ctime=2016/08/12-06:05:17.465732936}) = 0
  2032  lstat("/home/foo", {st_dev=makedev(253, 1), st_ino=107, 
st_mode=S_IFDIR|0755, st_nlink=2, st_uid=1001, st_gid=1001, st_blksize=4096, 
st_blocks=8, st_size=4096, st_atime=2016/08/12-06:15:28.732042881, 
st_mtime=2016/08/12-06:15:35.783602468, 
st_ctime=2016/08/12-06:15:35.783602468}) = 0
  2032  lstat("/home/foo/dragon.img", {st_dev=makedev(253, 1), st_ino=85, 
st_mode=S_IFREG|0644, st_nlink=1, st_uid=1001, st_gid=1001, st_blksize=4096, 
st_blocks=0, st_size=3899999744, st_atime=2016/08/12-06:15:35.783602468, 
st_mtime=2016/08/12-06:15:35.783602468, 
st_ctime=2016/08/12-06:15:35.783602468}) = 0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1612854/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1612854] [NEW] ubuntu-device-flash snap doesn't work on eCryptfs encrypted home

Reply via email to