2023-03-30 12:51:28 | Isaac True | description |
I'm trying to create a new livecd-rootfs project and build on Launchpad but I'm running into an issue with cryptsetup. Namely I'm getting this error when trying to initialise the disk:
Device /dev/mapper/temporary-cryptsetup-442c22cd-dca6-4b87-957f-1b3a5f6f7cc9_dif does not exist or access denied.
Full cryptsetup command line:
cryptsetup -q --key-file /var/tmp/kiwi_j6vt0i5z --type luks2 --cipher aes-gcm-random --integrity aead --pbkdf pbkdf2 luksFormat /dev/mapper/loop3p8
The source code/merge proposal for building this livecd-rootfs can be found here:
https://code.launchpad.net/~itrue/livecd-rootfs/+git/livecd-rootfs/+merge/439825
I've narrowed it down to this line in the cryptsetup source code:
https://git.launchpad.net/ubuntu/+source/cryptsetup/tree/lib/utils_device.c?h=applied/ubuntu/lunar#n206
This seems to show that the device file cannot be opened by cryptsetup after the mapping has been successfully initialised. My current thinking is that cryptsetup is creating some device nodes which are blocked for reading by some (cgroups?) security policy on Launchpad.
As cryptsetup seems to have been able to successfully create the device nodes, but it just can't open them afterwards. Is there some way to adjust the security policy to allow these device nodes? |
I'm trying to create a new livecd-rootfs project and build on Launchpad but I'm running into an issue with cryptsetup. Namely I'm getting this error when trying to initialise the disk:
Device /dev/mapper/temporary-cryptsetup-442c22cd-dca6-4b87-957f-1b3a5f6f7cc9_dif does not exist or access denied.
Full cryptsetup command line:
cryptsetup -q --key-file /var/tmp/kiwi_j6vt0i5z --type luks2 --cipher aes-gcm-random --integrity aead --pbkdf pbkdf2 luksFormat /dev/mapper/loop3p8
The source code/merge proposal for building this livecd-rootfs can be found here:
https://code.launchpad.net/~itrue/livecd-rootfs/+git/livecd-rootfs/+merge/439825
I've narrowed it down to this line in the cryptsetup source code:
https://git.launchpad.net/ubuntu/+source/cryptsetup/tree/lib/utils_device.c?h=applied/ubuntu/lunar#n206
After some more debugging, the open() call returns ENOENT. This seems to show that the device file cannot be opened by cryptsetup after the mapping has been successfully initialised. My current thinking is that cryptsetup is creating some device nodes which are blocked for reading by some (cgroups?) security policy on Launchpad.
Cryptsetup seems to have been able to successfully create the device nodes, but it just can't open them afterwards. Is there some way to adjust the security policy to allow these device nodes? |