Ubuntu
gnome-screensaver package

unlocking screensaver hangs when ecryptfs is unmounted

Bug #515155 reported by Werner Koerner
42
This bug affects 6 people
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)
Confirmed
Medium
Unassigned
gnome-screensaver (Ubuntu)
Confirmed
Low
Ubuntu Desktop Bugs

Bug Description

Binary package hint: gnome-screensaver

When the screen is locked by gnome-screensaver unlocking using the correct password freezes the system. When i change to a console "top" shows 100% cpu usage by gnome-screensaver, killing gnome-screensaver unlocks the screen.
This problem started after i setup an encrypted private directory using ecryptfs-utils.

In order to reproduce:

Unmount ecryptfs:
  ecryptfs-umount-private

Make sure the encrypted private directory is really unmounted by starting "ecryptfs-umount-private" a second time, the message
  keyctl_search: Required key not available
  Perhaps try the interactive 'ecryptfs-mount-private'
should appear.

Lock screensaver (gnome-screensaver-command -l) and try to unlock it.

I noticed the problem on a netbook running ubuntu 9.10, but was able to reproduce it on a desktop (ubuntu 9.10 32 bit).

Revision history for this message
Chris Coulson (chrisccoulson) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. I'm not confirming the issue here though. Please try to obtain a backtrace following the instructions at http://wiki.ubuntu.com/DebuggingProgramCrash and upload the backtrace (as an attachment) to the bug report. This will greatly help us in tracking down your problem.

Changed in gnome-screensaver (Ubuntu):
assignee: nobody → Ubuntu Desktop Bugs (desktop-bugs)
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Werner Koerner (werner-koerner) wrote :

The problem is caused by the pam-module pam_ecryptfs.so from package ecryptfs-utils, which tries to mount the encrypted private directory when the screensaver is unlocked.

This seems to be a known problem and is mentioned in /usr/share/doc/ecryptfs-utils/ecryptfs-pam-doc.txt.gz:

Troubleshooting

      Problem: Attempts to authenticate to the gnome-screensaver
      application result in a long pause and a failed attempt.

            Solution: Your PAM stack is not set up correctly. Make
            certain that /etc/pam.d/gnome-screensaver does not point
            to a file in the auth context that includes
            pam_ecryptfs.so.

On ubuntu 9.10 with ecryptfs-utils installed /etc/pam.d/gnome-screensaver includes pam_ecryptfs.so via /etc/pam.d/common-auth.

Revision history for this message
Krzysztof Klimonda (kklimonda) wrote :

I can confirm that. Attached backtrace

Changed in gnome-screensaver (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this. Are you still able to reproduce this issue with Ubuntu 10.10 (Maverick)?

Changed in gnome-screensaver (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Tuomas Heino (iheino+ub) wrote :

LP:#742321 (on Maverick) may be related.

TomasHnyk (sup)
Changed in gnome-screensaver (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
TomasHnyk (sup) wrote :

I am confirming this on an up-to-date Natty.

I have ecryptfs installed and I have encrypted just one directory. I use autologin and so the encrypted directory is not mounted on login and I have to mount the encrypted directory manually and so it often happens that it is not mounted when I suspend. Then, it takes a long time (I would say two minutes, but it might vary, until now I thought it just froze and rebooted the computer.) to timeout.

I am not sure this is a bug in gnome-screensaver. It is at lest in PAM, if not in ecryptfs, no?

Revision history for this message
TomasHnyk (sup) wrote :

To workaround this, just comment out this line in your /etc/pam.d/common-auth
#auth optional pam_ecryptfs.so unwrap

Revision history for this message
TomasHnyk (sup) wrote :

Adding ecryptfs-utils since their installation puts
auth optional pam_ecryptfs.so unwrap
into
/etc/pam.d/common-auth
and thus triggers the bug

Maybe also libpam-runtime should be added since it seems something wrong is happening there too.

Launchpad Janitor (janitor)
Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
Dustin Kirkland  (kirkland)
Changed in ecryptfs-utils (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Chris (bridgeriver) wrote :

If you're not using ecryptfs, you can remove the PAM config files' references to it with this command:

# pam-auth-update --remove ecryptfs-utils

On my laptop that restored the login delay to its normal (very short) time.

Revision history for this message
Riccardo Murri (rmurri) wrote :

I can confirm this with 12.04 (precise)

Revision history for this message
Matthew Weier O'Phinney (mweierophinney) wrote :

Still observing this on 14.04, and first observed starting in 13.10. I'm not using an encrypted filesystem.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.