| Msg # 294 of 505 on ZZLI4427, Tuesday 11-03-25, 9:30 |
| From: QUANTARION |
| To: ALL |
| Subj: Bug#1119958: closing encrypted volume im |
XPost: linux.debian.bugs.dist From: horacijedjuric@gmail.com Package: mmdebstrap Version: 1.5.7-1+deb13u1 Severity: important Tags: d-i X-Debbugs-Cc: horacijedjuric@gmail.com, debian-boot@lists.debian.org mount --make-rprivate / in the function setup_mounts makes it impossible to close the encrypted volume if the target root is located on it. It is not the fault of mmdebstrap per se, but the easiest way to solve the problem is to fix it in mmdebstrap. To illustrate the problem, I made a minimal setup to reproduce it: Case 1, with mount propagation: root@qemu# cryptsetup luksOpen /dev/sdb2 cryptoroot Enter passphrase for /dev/sdb2: root@qemu# mount /dev/mapper/cryptoroot /target root@qemu# mount --make-rprivate / root@qemu# umount -R /target root@qemu# sudo cryptsetup luksClose cryptoroot Device cryptoroot is still in use. root@qemu# grep cryptoroot /proc/*/mountinfo /proc/336/mountinfo:86 87 254:0 / /target rw,relatime shared:103 - ext4 /dev/mapper/cryptoroot rw /proc/341/mountinfo:85 88 254:0 / /target rw,relatime shared:102 - ext4 /dev/mapper/cryptoroot rw /proc/638/mountinfo:84 176 254:0 / /target rw,relatime shared:101 - ext4 /dev/mapper/cryptoroot rw root@qemu# grep -l cryptoroot /proc/[0-9]*/mountinfo 2>/dev/null | cut -d/ - f3 | xargs ps -p PID TTY STAT TIME COMMAND 336 ? Ssl 0:00 /usr/lib/systemd/systemd-timesyncd 341 ? Ss 0:00 /usr/lib/systemd/systemd-udevd 638 ? Ss 0:00 /usr/lib/systemd/systemd-logind root@qemu# systemctl restart systemd-timesyncd systemd-udevd systemd-logind root@qemu# grep cryptoroot /proc/*/mountinfo root@qemu# sudo cryptsetup luksClose cryptoroot root@qemu# As you can see some systemd services still use unmounted root (/target). restarting them frees the handles and luks volume can be closed. Restarting those services is not a solution; I have three of them, someone could have more, or less, or even something else holding the volume. The same procedure without mount propagation Case 2: root@qemu# cryptsetup luksOpen /dev/sdb2 cryptoroot Enter passphrase for /dev/sdb2: root@qemu# mount /dev/mapper/cryptoroot /target root@qemu# umount -R /target root@qemu# sudo cryptsetup luksClose cryptoroot root@qemu# grep cryptoroot /proc/*/mountinfo root@qemu# I'm not sure why is mount --make-rprivate / required, but if it can't be removed, then at least it shouldn't be executed if all mounts are skipped by selecting all three options to that effect: --skip=chroot/mount/dev --skip=chroot/mount/proc --skip=chroot/mount/sys In such a case, no mounts will be done, hence mount --make-rprivate / is not required, and I'd be very happy indeed if it wasn't executed at all. Let me know if I can help further. -- System Information: Debian Release: 13.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.12.48+deb13-amd64 (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, AINT_UNSIGNED_MODULE Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), ANGUAGE=en_CA:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages mmdebstrap depends on: ii apt 3.0.3 ii perl 5.40.1-6 ii python3 3.13.5-1 Versions of packages mmdebstrap recommends: ii arch-test 0.22-1 ii gpg 2.4.7-21+b3 ii libdistro-info-perl 1.13 ii libdpkg-perl 1.22.21 ii mount 2.41-5 ii uidmap 1:4.17.4-2 Versions of packages mmdebstrap suggests: pn apt-transport-tor |
328,119 visits
(c) 1994, bbs@darkrealms.ca