cryptsetup complains about INSECURE OWNER on boot after installing selinux
Bug #231339 reported by goto

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cryptsetup (Ubuntu) | Fix Released | Medium | Reinhard Tartler |
Bug Description
Binary package hint: cryptsetup
The problem appears to arise from the fact that SELinux-labeled volumes use POSIX file attributes such that an `ls -l` looks like this:
-r--------+ 1 root root 96 2007-11-20 15:15 volume_key
instead of just
-r-------- 1 root root 96 2007-11-20 15:15 volume_key
As a result the check_key() function in /lib/cryptsetup
I have encountered this supposed bug with 2:1.0.5-2ubuntu12 (Ubuntu Hardy).
Attached please find a patch that will solve the problem. Feel free to improve on it.
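An added example (not part of the original report, and not the package's own check_key() code) showing why a fixed-width parse of `ls -l` output loses the owner field once the extra `+` appears, next to a tolerant pattern and a `stat`-based check that avoids parsing `ls` at all. The function names, sed patterns and sample lines are constructed for illustration; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed sample lines, modelled on the two listings in the report.
PLAIN_LINE='-r-------- 1 root root 96 2007-11-20 15:15 volume_key'
ACL_LINE='-r--------+ 1 root root 96 2007-11-20 15:15 volume_key'

# Strict parse (hypothetical): expects exactly 10 mode characters and then
# a space. Prints the owner field, or nothing when the line does not match.
owner_strict() {
    printf '%s\n' "$1" |
        sed -n 's/^.\{10\} \{1,\}[0-9]\{1,\} \{1,\}\([^ ]\{1,\}\) .*/\1/p'
}

# Tolerant parse (hypothetical): allows one optional marker after the mode
# string ('+' as in the report; GNU ls can also print '.').
owner_tolerant() {
    printf '%s\n' "$1" |
        sed -n 's/^.\{10\}[+.]\{0,1\} \{1,\}[0-9]\{1,\} \{1,\}\([^ ]\{1,\}\) .*/\1/p'
}

# Ask the filesystem directly instead of parsing ls output.
# Prints "<numeric uid> <octal mode>" (GNU stat syntax).
key_uid_mode() {
    stat -c '%u %a' -- "$1"
}

# Returns 0 when file $1 is owned by uid $2 and grants nothing to group or
# other; returns 1 otherwise. ACL or label markers cannot affect the result.
key_is_private() {
    key_info=$(key_uid_mode "$1") || return 1
    key_uid=${key_info% *}
    key_mode=${key_info#* }
    [ "$key_uid" = "$2" ] || return 1
    case "$key_mode" in
        0|*00) return 0 ;;   # last two octal digits are group and other
        *) return 1 ;;
    esac
}
```

With the strict pattern the owner comes back empty for the `+` listing, so a comparison against `root` fails even though the file is owned by root.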
Changed in cryptsetup:
status: New → Triaged
importance: Undecided → Medium

Changed in cryptsetup:
assignee: nobody → siretart
status: Triaged → Fix Committed
This bug was fixed in the package cryptsetup - 2:1.0.6-2ubuntu1
---------------
cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
* Merge new debian version. Remaining changes: functions: stop usplash on user input. LP #62751 patches/ 06_run_ udevsettle. patch functions: remove spurious call to load_optimized_ module. functions for rexecing the script itself for
- Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- cryptdisks.
- Parse comments in lines not starting with '#', LP #185380
- If the encrypted source device hasn't shown up yet, give it a
little while to deal with removable devices. LP #164044
* Depend on race-free version of libdevmapper, thus making udevsettle
call from cryptsetup binary unnecessary. Dropping patch
debian/
* remove patch from LP #73862, loading optimized modules has been solved
in debian in another way.
* cryptdisk.
LP: #239946
* bugfix: make regex work if keyfile has extended attributes. LP: #231339.
* remove patch in cryptdisks.
ensuring that a tty is always available. (See LP #58794.) According to
Scott, this is not necessary anymore.
cryptsetup (2:1.0.6-2) unstable; urgency=low
[ Jonas Meurer ] scripts/ luksformat: Use 256 bit key size by default. (LP: #78508) patches/ 02_manpage. patch: Clarify default key sizes (128 for
* Taken from ubuntu:
- debian/
- debian/
luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
* Use 'shred -uz' instead of 'rm -r' to remove a tempfile that contains a
key in gen-ssl-key example script.
[ David Härdeman ]
* Misc bugfixes to askpass, make sure it is installed to the correct
location and is built using pedantic mode.
* Change the initramfs script to use askpass to prompt for
passphrases, this should hopefully fix #382375 and #465902 once it
is enabled in the init scripts as well.
* Add a keyscript called passdev which allows a keyfile to be
retrieved from a device which is first mounted, mainly useful to get
keyfiles off USB devices etc.
* Unbreak MODULES=dep booting (closes: #478268)
* Relax checks for suspend devices a bit (closes: #477658)
* Convert man pages to docbook.
cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
[ Kjell Braden ]
* Fix configuration parsing (LP: #239808)
[ Reinhard Tartler ]
* cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
-- Reinhard Tartler <email address hidden> Sat, 14 Jun 2008 23:28:51 +0200