Can not change login protector #258
Comments
Thanks for bringing this up @kamentomov. What version of I was able to reproduce some of your problems. Good news, there's probably a workaround.

Step 1

I created an encrypted directory on a removable drive on System 1. This had two protectors:
This was set up using Output of

Step 2

I then attached this drive to System 2. Here's where I encountered bug 1. Running
Essentially, this is saying protector

Step 3

Before we remove the old login protector, we should protect the directory with a login protector on the new system. First we create the login protector with Next, we protect the directory with the new protector:
This might cause some strange output as
Using this directory will now work normally.

Step 4

Now we have this weird remaining protector Right now removing this unnecessary protector is not possible (not that it really harms anything). Ideally, we would have

@kamentomov let me know if the stuff in Step 3 above helps you set up a login protector on the new system.
@josephlr Saved my life - thanks! It worked.
By the way I removed the old login protector file. It appears when getting the status but at least I get no error.
#338 will make it possible to use
Removing login protector fails.
```
➜ fscrypt status /mnt
ext4 filesystem "/mnt" has 2 protectors and 1 policy
PROTECTOR LINKED DESCRIPTION
e9c9ed7ea8188b59 Yes (/) login protector for kamen
eb043cdbd9a92c9d No custom protector "transferprot"
POLICY UNLOCKED PROTECTORS
1b2353ac3ff97803 Yes e9c9ed7ea8188b59, eb043cdbd9a92c9d
➜ fscrypt metadata remove-protector-from-policy --protector=/mnt:e9c9ed7ea8188b59 --policy=/mnt:1b2353ac3ff97803 --verbose
2020/10/24 03:56:07 parsed flag: mountpoint="/mnt" descriptor=e9c9ed7ea8188b59
2020/10/24 03:56:07 Reading config from "/etc/fscrypt.conf"
2020/10/24 03:56:07 creating context for "kamen"
2020/10/24 03:56:07 mnt_dir /run/snapd/ns/ufw.mnt: not a directory
2020/10/24 03:56:07 getting mnt_dir: /run/user/123/gvfs: permission denied
2020/10/24 03:56:07 mnt_dir /run/snapd/ns/snap-store.mnt: not a directory
2020/10/24 03:56:07 mnt_dir /run/snapd/ns/keepassxc.mnt: not a directory
2020/10/24 03:56:07 found ext4 filesystem "/mnt" (/dev/sdc8)
2020/10/24 03:56:07 Getting protector e9c9ed7ea8188b59
2020/10/24 03:56:07 could not read metadata at "/mnt/.fscrypt/protectors/e9c9ed7ea8188b59"
fscrypt metadata remove-protector-from-policy: filesystem /mnt: descriptor e9c9ed7ea8188b59: could not find metadata
```
I created an encrypted system on one machine with a login protector and then moved to another machine. I need to make a new login protector. Meanwhile I created a custom protector to get by. The problem is I can not remove it either on the new machine or on the old. I will lose the old machine in a few hours so if it is needed then this is urgent so please help.
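The following is an added example, not part of the original issue and not fscrypt's own code: a pre-move check that parses `fscrypt status` output and reports, per policy, which protectors are linked to another filesystem and which are stored on the drive itself. It assumes the LINKED column marks protectors whose metadata lives on the named mountpoint; `parse_status`, `portability_report` and the `survives_move` field are hypothetical names.

```python
import re

# Output of `fscrypt status /mnt` as posted in this issue.
STATUS = '''\
ext4 filesystem "/mnt" has 2 protectors and 1 policy
PROTECTOR LINKED DESCRIPTION
e9c9ed7ea8188b59 Yes (/) login protector for kamen
eb043cdbd9a92c9d No custom protector "transferprot"
POLICY UNLOCKED PROTECTORS
1b2353ac3ff97803 Yes e9c9ed7ea8188b59, eb043cdbd9a92c9d
'''

PROT = re.compile(r'^([0-9a-f]{16})\s+(?:Yes \((.+?)\)|No)\s+(.*)$')
POL = re.compile(r'^([0-9a-f]{16,32})\s+(\S+)\s+(.*)$')

def parse_status(text):
    """Return (protectors, policies) parsed from `fscrypt status` text."""
    protectors, policies, section = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('PROTECTOR'):
            section = 'protector'
        elif line.startswith('POLICY'):
            section = 'policy'
        elif section == 'protector' and (m := PROT.match(line)):
            # linked_to is the mountpoint in "Yes (<mountpoint>)", or None for "No"
            protectors[m.group(1)] = {'linked_to': m.group(2), 'description': m.group(3)}
        elif section == 'policy' and (m := POL.match(line)):
            policies[m.group(1)] = [p.strip() for p in m.group(3).split(',') if p.strip()]
    return protectors, policies

def portability_report(text):
    """For each policy, split its protectors into portable, linked and unknown."""
    protectors, policies = parse_status(text)
    report = {}
    for policy, ids in policies.items():
        linked = [p for p in ids if protectors.get(p, {}).get('linked_to')]
        unknown = [p for p in ids if p not in protectors]
        portable = [p for p in ids if p in protectors and p not in linked]
        # Assumption: a policy stays unlockable elsewhere only via an unlinked protector.
        report[policy] = {'portable': portable, 'linked': linked,
                          'unknown': unknown, 'survives_move': bool(portable)}
    return report

if __name__ == '__main__':
    for policy, result in portability_report(STATUS).items():
        print(policy, result)
```

A policy reported with `survives_move` false has only linked protectors, so a portable protector should be added to it before the drive leaves the original system.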