Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unlock no longer works due to new systemd decryption method #4

Closed
Sleeck opened this Issue Jul 5, 2016 · 11 comments

Comments

Projects
None yet
9 participants
@Sleeck
Copy link

Sleeck commented Jul 5, 2016

Hello,

On fresh Centos 7 install you can't use anymore unlock helper.

When installing "cryptsetup" a new systemd generator units is deployed in this file /usr/lib/systemd/system-generators/systemd-cryptsetup-generator

This generator read /etc/crypttab and create dependings units for calling this command for each entries:
/usr/lib/systemd/systemd-cryptsetup attach luks-bfff8 /dev/disk/by-uuid/bfff8506-4feb-4bb5-a3ad-028df5ff3daf none luks.

There is no more /sbin/cryptsetup binaries inside initrd.
unlock.c: char *path = "/sbin/cryptsetup";

Current workaround is using /usr/bin/console_auth to enter password.

I don't know why, but unlock helper fail on "Warning: Unable to lock memory, are you root?" in root.

Tested on
CentOS Linux release 7.2.1511 (Core)
systemd-219-19.el7_2.11.x86_64
cryptsetup-1.6.7-1.el7.x86_64
dracut-033-360.el7_2.1.x86_64
dracut-network-033-360.el7_2.1.x86_64
dracut-crypt-ssh-1.0.3-1.el7.centos.x86_64

Best regards,
Sleeck.

@rbu

This comment has been minimized.

Copy link
Member

rbu commented Dec 13, 2016

I'm seeing the unlock warning too and will investigate. Do you know why the cryptsetup binary would not be put inside the initramfs?

@mathiasringhof

This comment has been minimized.

Copy link

mathiasringhof commented Jan 4, 2017

I just tried with a brand new CentOS 7.3 minimal, encryption setup through the installer, module installed through the repository. Worked fine for me!

systemd.x86_64 219-30.el7_3.6
cryptsetup.x86_64 1.7.2-1.el7
dracut.x86_64 033-463.el7
dracut-network.x86_64 033-463.el7
dracut-crypt-ssh.x86_64 1.0.3-1.el7.centos

@rbu

This comment has been minimized.

Copy link
Member

rbu commented Jan 9, 2017

@mathiasringhof thanks for the feedback. I'm closing this due to lack of response from the original poster and as I'm also not able to reproduce.

@Sleeck feel free to reopen if you still encounter this.

@rbu rbu closed this Jan 9, 2017

@9dt

This comment has been minimized.

Copy link

9dt commented Jul 6, 2017

Hello!

I get the Warning: Unable to lock memory, are you root? error when using unlock on Gentoo.

eudev-3.2.2-r1
dracut-045-r2

console_auth does work.

unlock unlocks, however something goes wrong, and the system hangs when /dev is populated...

@breed808 breed808 referenced this issue Jul 13, 2017

Closed

SELinux support #9

@artem-sidorenko

This comment has been minimized.

Copy link
Member

artem-sidorenko commented Jul 19, 2017

@9dt I'm not sure if somebody could help here. Each Gentoo installation is completely different, nobody of us could easily reproduce it (I was a Gentoo user for > 10 years). If you manage to figure out the reason, it would be good to know it

Btw, I used https://github.com/slashbeast/better-initramfs and/or https://github.com/r1k0/kigen on Gentoo

@piwats

This comment has been minimized.

Copy link

piwats commented Jul 19, 2017

@artem-sidorenko thanks for the reply.

I'm using the console_auth via an expect script for now. This works, since it isn't using the unlock binary.

@hurricanehrndz

This comment has been minimized.

Copy link

hurricanehrndz commented Jul 19, 2017

I'm seeing the same issue! "Warning: Unable to lock memory, are you root?" wih F26. Can also confirm console_auth works. cryptsetup is in initramfs.

@aimlessadam

This comment has been minimized.

Copy link

aimlessadam commented Jul 19, 2017

it works for me w/ Centos 7.3, despite the 'are you root' warning, though I had to manually add /etc/crypttab to my initrd.

@hurricanehrndz

This comment has been minimized.

Copy link

hurricanehrndz commented Jul 19, 2017

@hurricanehrndz

This comment has been minimized.

Copy link

hurricanehrndz commented Jul 19, 2017

@aimlessadam
You are right, unlock still works despite the warning. Thanks for the feedback. This works well with pass.

@strasharo

This comment has been minimized.

Copy link

strasharo commented Jan 28, 2019

Got the same issue on Fedora 29. Getting the warning "Warning: Unable to lock memory, are you root?" also unlock is not able to open the encrypted volumes. console_auth works fine for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.