cryptsetup keydev may be re-mounted and persist after switching root #28021

@yan12125

systemd version the issue has been seen with

253.5-1

Used distribution

Arch Linux

Linux kernel version used

6.3.7-arch1-1

CPU architectures issue was seen on

x86_64

Component

systemd-cryptsetup

Expected behaviour you didn't see

The cryptsetup keydev is properly unmounted

Unexpected behaviour you saw

The cryptsetup keydev is unmounted and mounted again, and remains mounted after switching root. mount | grep keydev shows:

/dev/sdb1 on /run/systemd/cryptsetup/keydev-ArchLinux type vfat (ro,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro)

Steps to reproduce the problem

Set up a keydev to unlock LUKS.

  1. Add rd.luks.* to the kernel cmdline. This is the final cmdline on my system:
     root=/dev/mapper/ArchLinux loglevel=3 audit=0 rw rd.luks.name=3b3e2028-743e-4aeb-ace6-0208ec7069cf=ArchLinux rd.luks.key=3b3e2028-743e-4aeb-ace6-0208ec7069cf=/luks.key:LABEL=YEN rd.luks.options=3b3e2028-743e-4aeb-ace6-0208ec7069cf=discard,keyfile-timeout=5s systemd.log_level=debug
  2. Generate initramfs with dracut. Here I use 056 due to some packaging issues (057 release without a signed tag and no signed assets dracutdevs/dracut#1850)
  3. Reboot and check the output of mount | grep keydev

Additional program output to the terminal or log subsystem illustrating the issue

6月 13 21:50:32 systemd[1]: unit_file_build_name_map: normal unit file: /run/systemd/generator/keydev-ArchLinux-umount.service
 6月 13 21:50:32 systemd[1]: unit_file_build_name_map: normal unit file: /run/systemd/generator/run-systemd-cryptsetup-keydev\x2dArchLinux.mount
 6月 13 21:50:32 systemd[1]: keydev-ArchLinux-umount.service: Installed new job keydev-ArchLinux-umount.service/start as 13
 6月 13 21:50:33 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: starting held back, waiting for: dev-disk-by\x2dlabel-YEN.device
 6月 13 21:50:33 systemd[1]: systemd-cryptsetup@ArchLinux.service: starting held back, waiting for: run-systemd-cryptsetup-keydev\x2dArchLinux.mount
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: About to execute /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Forked /usr/bin/mount as 311
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounting
 6月 13 21:50:35 systemd[1]: Mounting /run/systemd/cryptsetup/keydev-ArchLinux...
 6月 13 21:50:35 (moun[311]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Executing: /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounting -> mounting-done
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Child 311 belongs to run-systemd-cryptsetup-keydev\x2dArchLinux.mount.
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Mount process exited, code=exited, status=0/SUCCESS (success)
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounting-done -> mounted
 6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Job 11 run-systemd-cryptsetup-keydev\x2dArchLinux.mount/start finished, result=done
 6月 13 21:50:35 systemd[1]: Mounted /run/systemd/cryptsetup/keydev-ArchLinux.
 6月 13 21:50:35 systemd[1]: keydev-ArchLinux-umount.service: starting held back, waiting for: systemd-cryptsetup@ArchLinux.service
 6月 13 21:50:35 systemd[1]: systemd-cryptsetup@ArchLinux.service: About to execute /usr/lib/systemd/systemd-cryptsetup attach ArchLinux /dev/disk/by-uuid/3b3e2028-743e-4aeb-ace6-0208ec7069cf /run/systemd/cryptsetup/keydev-ArchLinux/luks.key discard,keyfile-timeout=5s
 6月 13 21:50:35 (ypts[315]: systemd-cryptsetup@ArchLinux.service: Executing: /usr/lib/systemd/systemd-cryptsetup attach ArchLinux /dev/disk/by-uuid/3b3e2028-743e-4aeb-ace6-0208ec7069cf /run/systemd/cryptsetup/keydev-ArchLinux/luks.key discard,keyfile-timeout=5s
 6月 13 21:50:35 systemd-cryptsetup[315]: Key file /run/systemd/cryptsetup/keydev-ArchLinux/luks.key is world-readable. This is not a good idea!
 6月 13 21:50:35 systemd-cryptsetup[315]: /run/systemd/cryptsetup/keydev-ArchLinux/luks.key has 0755 mode that is too permissive, please adjust the ownership and access mode.
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Will spawn child (service_enter_start): /usr/bin/umount
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Passing 0 fds to service
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: About to execute /usr/bin/umount /run/systemd/cryptsetup/keydev-ArchLinux
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Forked /usr/bin/umount as 539
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Changed dead -> running
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Job 13 keydev-ArchLinux-umount.service/start finished, result=done
 6月 13 21:50:38 systemd[1]: Started keydev-ArchLinux-umount.service.
 6月 13 21:50:38 (umou[539]: keydev-ArchLinux-umount.service: Executing: /usr/bin/umount /run/systemd/cryptsetup/keydev-ArchLinux
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Deactivated successfully.
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounted -> dead
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Consumed 4ms CPU time.
 6月 13 21:50:38 systemd[1]: Cannot stat /run/credentials/run-systemd-cryptsetup-keydev\x2dArchLinux.mount: No such file or directory
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Child 539 belongs to keydev-ArchLinux-umount.service.
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Main process exited, code=exited, status=0/SUCCESS (success)
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Deactivated successfully.
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Service will not restart (restart setting)
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Changed running -> dead
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Consumed 59ms CPU time.
 6月 13 21:50:38 systemd[1]: Cannot stat /run/credentials/keydev-ArchLinux-umount.service: No such file or directory
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Control group is empty.
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Installed new job run-systemd-cryptsetup-keydev\x2dArchLinux.mount/start as 97
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Installed new job keydev-ArchLinux-umount.service/start as 107
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/keydev_2dArchLinux_2dumount_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=29 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/keydev_2dArchLinux_2dumount_2eservice interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=30 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=43 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=44 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: About to execute /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Forked /usr/bin/mount as 565
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=137 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=138 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounting
 6月 13 21:50:38 systemd[1]: Mounting /run/systemd/cryptsetup/keydev-ArchLinux...
 6月 13 21:50:38 (moun[565]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Executing: /usr/bin/mount /dev/disk/by-label/YEN /run/systemd/cryptsetup/keydev-ArchLinux -o ro
 6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: starting held back, waiting for: run-systemd-cryptsetup-keydev\x2dArchLinux.mount
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=175 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: Sent message type=signal sender=org.freedesktop.systemd1 destination=n/a path=/org/freedesktop/systemd1/unit/run_2dsystemd_2dcryptsetup_2dkeydev_5cx2dArchLinux_2emount interface=org.freedesktop.DBus.Properties member=PropertiesChanged cookie=176 reply_cookie=0 signature=sa{sv}as error-name=n/a error-message=n/a
 6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: not serializing before switch-root
 6月 13 21:50:39 (sd-gens)[570]: Not remounting /run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run, called for /
 6月 13 21:50:39 (sd-gens)[570]: Not remounting /run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run, called for /
 6月 13 21:50:39 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 21:50:39 systemd[1]: keydev-ArchLinux-umount.service: Collecting.
 6月 13 21:50:44 (imesyncd)[789]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:44 (imesyncd)[789]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:44 (d-logind)[799]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:44 (d-logind)[799]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (ostnamed)[843]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (s-daemon)[855]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 (s-daemon)[855]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:45 systemd[847]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 21:50:46 systemd[940]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 21:50:49 (-localed)[1028]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:49 (-localed)[1028]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:49 (upowerd)[1038]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:49 (upowerd)[1038]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:50 (geoclue)[1047]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 21:50:50 (geoclue)[1047]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:45 systemd[5881]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 22:02:45 (-localed)[5938]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:45 (-localed)[5938]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (geoclue)[5950]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (geoclue)[5950]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:02:46 (ostnamed)[6076]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:20 systemd[6488]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
 6月 13 22:04:21 (-localed)[6545]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:21 (-localed)[6545]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:21 (geoclue)[6557]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:21 (geoclue)[6557]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
 6月 13 22:04:22 (ostnamed)[6690]: Not remounting /run/systemd/unit-root/run/systemd/cryptsetup/keydev-ArchLinux deny-listed by /run/systemd/unit-root/run, called for /run/systemd/unit-root/
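
Added example, not part of the original report or of systemd: a small log check that flags a keydev mount unit which PID 1 activates again after it was already unmounted, which is the sequence visible in the log above. It assumes debug-level logging (the `systemd.log_level=debug` from the reported cmdline) so that the `Changed X -> Y` lines exist; the function names are hypothetical and the sample lines are abridged from the log above.

```python
import re

# Abridged from the debug log in the report above (state transitions only).
SAMPLE_LOG = r"""
6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounting
6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounting -> mounting-done
6月 13 21:50:35 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounting-done -> mounted
6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Changed dead -> running
6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed mounted -> dead
6月 13 21:50:38 systemd[1]: keydev-ArchLinux-umount.service: Changed running -> dead
6月 13 21:50:38 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounting
6月 13 21:50:39 systemd[1]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
6月 13 21:50:45 systemd[847]: run-systemd-cryptsetup-keydev\x2dArchLinux.mount: Changed dead -> mounted
"""

KEYDEV_DIR = "/run/systemd/cryptsetup/keydev-"
ACTIVATING = {"mounting", "mounting-done", "mounted"}
TRANSITION = re.compile(r"systemd\[(\d+)\]: (\S+)\.mount: Changed (\S+) -> (\S+)")


def unit_to_path(unit_stem):
    """Undo systemd path escaping: '-' separates components, \\xNN is a literal byte (ASCII only here)."""
    path = "/" + unit_stem.replace("-", "/")
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), path)


def find_remounted_keydevs(log_text, manager_pid=1):
    """Return {mount_path: last_seen_state} for keydev mounts re-activated after an unmount.

    Only transitions logged by the system manager (PID 1) are considered;
    per-user managers merely observe the mount and are ignored.
    """
    last_state, unmounted, remounted = {}, set(), set()
    for pid, stem, old, new in TRANSITION.findall(log_text):
        path = unit_to_path(stem)
        if int(pid) != manager_pid or not path.startswith(KEYDEV_DIR):
            continue
        if old == "mounted" and new == "dead":
            unmounted.add(path)          # the umount service did its job
        elif path in unmounted and new in ACTIVATING:
            remounted.add(path)          # key device became active again
        last_state[path] = new
    return {p: last_state[p] for p in sorted(remounted)}


if __name__ == "__main__":
    for path, state in find_remounted_keydevs(SAMPLE_LOG).items():
        print(f"{path}: re-activated after unmount, last state '{state}'")
```

A finding whose last state is `mounted` corresponds to the `mount | grep keydev` output in the report: the key file stays reachable on the running system.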

Labels: bug 🐛 (Programming errors, that need preferential fixing), cryptsetup
