lutel Tux's lil' helper
Joined: 19 Oct 2003 Posts: 110 Location: Pomroczna
Posted: Thu Jun 19, 2014 6:07 pm Post subject: dmcrypt - unable to create encrypted partition
Hi,
Could you help me with this one? I'm trying to create a new partition, but I get an error:
device-mapper: reload ioctl on failed: Invalid argument
Failed to open temporary keystore device.
Here is the full debug output:
Code: |
~ # cryptsetup --debug -h sha512 --cipher aes-xts-essiv:sha512 --key-size 512 --align-payload=4096 luksFormat /dev/md6
# cryptsetup 1.6.2 processing "cryptsetup --debug -h sha512 --cipher aes-xts-essiv:sha512 --key-size 512 --align-payload=4096 luksFormat /dev/md6"
# Running command luksFormat.
# Locking memory.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
WARNING!
========
This will overwrite data on /dev/md6 irrevocably.
Are you sure? (Type uppercase yes): YES
# Allocating crypt device /dev/md6 context.
# Trying to open and read device /dev/md6.
# Initialising device-mapper backend library.
# Timeout set to 0 miliseconds.
# Iteration time set to 1000 miliseconds.
# Interactive passphrase entry requested.
Enter passphrase:
Verify passphrase:
# Formatting device /dev/md6 as type LUKS1.
# Crypto backend (gcrypt 1.5.3) initialized.
System is out of entropy while generating volume key.
Please move mouse or type some text in another window to gather some random events.
Generating key (95% done).
Generating key (95% done).
Generating key (95% done).
Generating key (95% done).
Generating key (95% done).
Generating key (95% done).
Generating key (100% done).
# Generating LUKS header version 1 using hash sha512, aes, xts-essiv:sha512, MK 64 bytes
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 222155 iterations per second.
# Data offset 4096, UUID ba3d5282-ad91-47ba-8162-6f08eb6a2b47, digest iterations 27000
# Updating LUKS header of size 1024 on device /dev/md6
# Key length 64, device size 3753428864 sectors, header size 4036 sectors.
# Reading LUKS header of size 1024 from device /dev/md6
# Key length 64, device size 3753428864 sectors, header size 4036 sectors.
# Adding new keyslot -1 using volume key.
# Calculating data for key slot 0
# Crypto backend (gcrypt 1.5.3) initialized.
# KDF pbkdf2, hash sha512: 225986 iterations per second.
# Key slot 0 use 110344 password iterations.
# Using hash sha512 for AF in key slot 0, 4000 stripes
# Updating key slot 0 [0x1000] area.
# Calculated device size is 500 sectors (RW), offset 8.
# Detected kernel Linux 3.14.5-hardened-r2 x86_64.
# dm version OF [16384] (*1)
# dm versions OF [16384] (*1)
# Detected dm-crypt version 1.13.0, dm-ioctl version 4.27.0.
# Device-mapper backend running with UDEV support disabled.
# DM-UUID is CRYPT-TEMP-temporary-cryptsetup-1005
# dm create temporary-cryptsetup-1005 CRYPT-TEMP-temporary-cryptsetup-1005 OF [16384] (*1)
# dm reload temporary-cryptsetup-1005 OFW [16384] (*1)
device-mapper: reload ioctl on failed: Invalid argument
# Cookie value is not set while trying to call DM_DEVICE_REMOVE ioctl. Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0).
# Switching off device-mapper and all subsystem related udev rules. Falling back to libdevmapper node creation.
# dm remove temporary-cryptsetup-1005 OFW [16384] (*1)
# temporary-cryptsetup-1005: Stacking NODE_DEL
# temporary-cryptsetup-1005: Processing NODE_DEL
Failed to open temporary keystore device.
# Cookie value is not set while trying to call DM_DEVICE_REMOVE ioctl. Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0).
# Switching off device-mapper and all subsystem related udev rules. Falling back to libdevmapper node creation.
# dm remove temporary-cryptsetup-1005 OFT [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-1005 failed: No such device or address
# WARNING: other process locked internal device temporary-cryptsetup-1005, retrying remove.
# dm reload temporary-cryptsetup-1005 NFR [16384] (*1)
device-mapper: reload ioctl on temporary-cryptsetup-1005 failed: No such device or address
# Cookie value is not set while trying to call DM_DEVICE_REMOVE ioctl. Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0).
# Switching off device-mapper and all subsystem related udev rules. Falling back to libdevmapper node creation.
# dm remove temporary-cryptsetup-1005 OFT [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-1005 failed: No such device or address
# WARNING: other process locked internal device temporary-cryptsetup-1005, retrying remove.
# Cookie value is not set while trying to call DM_DEVICE_REMOVE ioctl. Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0).
# Switching off device-mapper and all subsystem related udev rules. Falling back to libdevmapper node creation.
# dm remove temporary-cryptsetup-1005 OFT [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-1005 failed: No such device or address
# WARNING: other process locked internal device temporary-cryptsetup-1005, retrying remove.
# Cookie value is not set while trying to call DM_DEVICE_REMOVE ioctl. Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0).
# Switching off device-mapper and all subsystem related udev rules. Falling back to libdevmapper node creation.
# dm remove temporary-cryptsetup-1005 OFT [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-1005 failed: No such device or address
# WARNING: other process locked internal device temporary-cryptsetup-1005, retrying remove.
# Cookie value is not set while trying to call DM_DEVICE_REMOVE ioctl. Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0).
# Switching off device-mapper and all subsystem related udev rules. Falling back to libdevmapper node creation.
# dm remove temporary-cryptsetup-1005 OFT [16384] (*1)
device-mapper: remove ioctl on temporary-cryptsetup-1005 failed: No such device or address
# Releasing crypt device /dev/md6 context.
# Releasing device-mapper backend.
# Unlocking memory.
Command failed with code 5: Input/output error
|
And here is my dmesg (SELinux running in permissive mode)
Code: | [ 1242.987866] audit: type=1400 audit(1403207775.460:240): avc: denied { read } for pid=10457 comm="cryptsetup" name="ld.so.cache" dev="md1" ino=785512 scontext=root:sysadm_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1242.987873] audit: type=1400 audit(1403207775.460:241): avc: denied { open } for pid=10457 comm="cryptsetup" path="/etc/ld.so.cache" dev="md1" ino=785512 scontext=root:sysadm_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1242.987876] audit: type=1400 audit(1403207775.460:242): avc: denied { getattr } for pid=10457 comm="cryptsetup" path="/etc/ld.so.cache" dev="md1" ino=785512 scontext=root:sysadm_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1246.687687] audit: type=1400 audit(1403207779.150:243): avc: denied { create } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=root:sysadm_r:lvm_t tclass=socket
[ 1246.687694] audit: type=1400 audit(1403207779.150:244): avc: denied { bind } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=root:sysadm_r:lvm_t tclass=socket
[ 1246.688228] audit: type=1400 audit(1403207779.150:245): avc: denied { accept } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=root:sysadm_r:lvm_t tclass=socket
[ 1246.688244] audit: type=1400 audit(1403207779.150:246): avc: denied { setopt } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=root:sysadm_r:lvm_t tclass=socket
[ 1246.688255] audit: type=1400 audit(1403207779.150:247): avc: denied { write } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=system_u:object_r:unlabeled_t tclass=socket
[ 1246.688282] audit: type=1400 audit(1403207779.150:248): avc: denied { read } for pid=10457 comm="cryptsetup" path="socket:[13081]" dev="sockfs" ino=13081 scontext=root:sysadm_r:lvm_t tcontext=root:sysadm_r:lvm_t tclass=socket
[ 1246.688285] audit: type=1400 audit(1403207779.150:249): avc: denied { read } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=system_u:object_r:unlabeled_t tclass=socket
[ 1276.952829] audit: type=1400 audit(1403207809.410:250): avc: denied { read } for pid=10473 comm="mdadm" name="mdadm.conf" dev="md1" ino=818093 scontext=system_u:system_r:mdadm_t tcontext=system_u:object_r:unlabeled_t tclass=file
[ 1276.952834] audit: type=1400 audit(1403207809.410:251): avc: denied { open } for pid=10473 comm="mdadm" path="/etc/mdadm.conf" dev="md1" ino=818093 scontext=system_u:system_r:mdadm_t tcontext=system_u:object_r:unlabeled_t tclass=file
[ 1277.809650] audit: type=1400 audit(1403207810.250:252): avc: denied { getattr } for pid=10471 comm="cryptsetup" name="/" dev="devtmpfs" ino=1025 scontext=root:sysadm_r:lvm_t tcontext=system_u:object_r:device_t tclass=filesystem
[ 1279.222408] audit: type=1400 audit(1403207811.670:253): avc: denied { setattr } for pid=39 comm="kdevtmpfs" name="dm-0" dev="devtmpfs" ino=17479 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=blk_file
[ 1279.222581] device-mapper: table: 253:0: crypt: Error creating IV
[ 1279.222582] device-mapper: ioctl: error adding target to table
[ 1279.223135] audit: type=1400 audit(1403207811.670:254): avc: denied { read } for pid=10481 comm="dmsetup" name="ld.so.cache" dev="md1" ino=785512 scontext=system_u:system_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1279.223139] audit: type=1400 audit(1403207811.670:255): avc: denied { open } for pid=10481 comm="dmsetup" path="/etc/ld.so.cache" dev="md1" ino=785512 scontext=system_u:system_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1279.223142] audit: type=1400 audit(1403207811.670:256): avc: denied { getattr } for pid=10481 comm="dmsetup" path="/etc/ld.so.cache" dev="md1" ino=785512 scontext=system_u:system_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1851.808949] device-mapper: table: 253:0: crypt: Error creating IV
[ 1851.808950] device-mapper: ioctl: error adding target to table
[ 1902.292569] audit: type=1400 audit(1403208434.490:257): avc: denied { read } for pid=10496 comm="dmesg" name="kmsg" dev="devtmpfs" ino=1034 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kmsg_device_t tclass=chr_file
[ 1902.292575] audit: type=1400 audit(1403208434.490:258): avc: denied { open } for pid=10496 comm="dmesg" path="/dev/kmsg" dev="devtmpfs" ino=1034 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kmsg_device_t tclass=chr_file
|
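An added example, not part of lutel's post and not cryptsetup's own tooling: a short Python triage of dmesg output in the format posted above. It separates the SELinux AVC denials (which permissive mode logs but does not enforce) from the device-mapper messages, so the kernel's own reason for rejecting the table stands out. The sample lines are abridged from the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Five lines abridged from the dmesg output in the post above.
SAMPLE_DMESG = """\
[ 1242.987866] audit: type=1400 audit(1403207775.460:240): avc: denied { read } for pid=10457 comm="cryptsetup" name="ld.so.cache" dev="md1" ino=785512 scontext=root:sysadm_r:lvm_t tcontext=root:object_r:unlabeled_t tclass=file
[ 1246.687687] audit: type=1400 audit(1403207779.150:243): avc: denied { create } for pid=10457 comm="cryptsetup" scontext=root:sysadm_r:lvm_t tcontext=root:sysadm_r:lvm_t tclass=socket
[ 1279.222408] audit: type=1400 audit(1403207811.670:253): avc: denied { setattr } for pid=39 comm="kdevtmpfs" name="dm-0" dev="devtmpfs" ino=17479 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=blk_file
[ 1279.222581] device-mapper: table: 253:0: crypt: Error creating IV
[ 1279.222582] device-mapper: ioctl: error adding target to table
"""

LINE_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r".*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def triage(dmesg_text):
    """Return (Counter of AVC denials, list of (timestamp, message) for other lines)."""
    denials, other = Counter(), []
    for raw in dmesg_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # not a timestamped kernel log line
        avc = AVC_RE.search(line["msg"])
        if avc is None:
            other.append((float(line["ts"]), line["msg"]))
            continue
        # The SELinux type is the third field of user:role:type[:level].
        src, tgt = (avc[g].split(":")[2] for g in ("scon", "tcon"))
        for perm in avc["perms"].split():
            denials[(avc["comm"], src, tgt, avc["tclass"], perm)] += 1
    return denials, other

def dm_errors(other):
    """Device-mapper messages: the kernel's stated reason for refusing the table."""
    return [msg for _, msg in other if msg.startswith("device-mapper:")]

def unlabeled_targets(denials):
    """Commands that touched objects with no valid SELinux label (unlabeled_t)."""
    return sorted({comm for (comm, _, tgt, _, _) in denials if tgt == "unlabeled_t"})

if __name__ == "__main__":
    denials, other = triage(SAMPLE_DMESG)
    for key, count in sorted(denials.items()):
        print(count, *key)
    print("unlabeled targets touched by:", unlabeled_targets(denials))
    print("\n".join(dm_errors(other)))
```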
Tractor Girl Apprentice
Joined: 16 May 2013 Posts: 159
Posted: Thu Jun 19, 2014 6:35 pm
Does it work with default options?
Code: | cryptsetup luksFormat /dev/XXX |
lutel Tux's lil' helper
Joined: 19 Oct 2003 Posts: 110 Location: Pomroczna
Posted: Thu Jun 19, 2014 6:39 pm
Yes, it does! Thank you.
It works with aes-xts-plain64
but not with aes-xts-essiv:sha256.
Is there any security drawback to this?
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
Posted: Thu Jun 19, 2014 6:46 pm
lutel wrote: | Code: | Please, consider using libdevmapper's udev synchronisation interface or disable it explicitly by calling dm_udev_set_sync_support(0). |
|
lutel ...
No idea about SELinux but this just seems to be a udev issue, try the following:
/etc/lvm/lvm.conf
Code: | #udev_sync = 1
udev_sync = 0 |
HTH & best ... khay |
lutel Tux's lil' helper
Joined: 19 Oct 2003 Posts: 110 Location: Pomroczna
Posted: Thu Jun 19, 2014 6:50 pm
khayyam - thanks, it works with Tractor Girl's advice!
Tractor Girl Apprentice
Joined: 16 May 2013 Posts: 159