LinuxQuestions.org


rksim 03-18-2024 07:51 AM

Having an issue automounting an encrypted directory with fstab: SLES12.5
 
Hi Everyone! I am on SLES12.5 and could use some serious help.

I was given an existing golden image and told to set up data-at-rest encryption on the /home directory and the /DATA (our custom Data dir). It was also requested that I not use a keyfile but make the user enter the password on boot. I did not want to break the system so I decided I would create a new partition for /home and start from there. It ended up being sda9. I used LUKS to encrypt the partition, opened the partition, and mounted it manually successfully.

I created the entry in the /etc/crypttab file as follows:

Code:

luksHome /dev/sda9 none luks

I created the entry in the /etc/fstab file as follows:

Code:

/dev/mapper/luksHome /mnt ext4 nosuid,nodev,acl,user_xattr 1 2

I ensured the boot.crypto init script was installed from here and was enabled:
OpenSuse boot.crypto github

The system starts to boot normally, and pauses during boot to ask me to enter the encryption passphrase. Upon successfully entering the passphrase boot continues and does the following:

Code:

WARNING: Locking directory /run/cryptsetup is missing!
Enter passphrase for /dev/sda9: You are in emergency mode after login type journalctl -xb to view system logs.

Trying to enter the passphrase just reprompts for the passphrase. If you get it wrong 3 times it will then let you log in as the root user like normal rescue mode.

Running an ll on /dev/mapper to find luksHome you can see it hasn't unlocked and mapped the drive yet.

Code:

ll /dev/mapper/
control

If I then go and comment out the fstab entry for /dev/mapper/luksHome and reboot, the system boots as expected. It pauses booting to ask for the password and continues to boot successfully. Once logged into the OS, I open a terminal, su to root, and run the ll on /dev/mapper again.

Code:

ll /dev/mapper/
control
luksHome

Can anyone at all tell me what I am doing wrong? I am almost positive it is in the /etc/fstab entry, but the entry looks OK and I have even tried the entry as follows with no success. This stuff is usually my bread and butter, so saying I have reached peak frustration is an understatement.

Code:

/dev/mapper/luksHome                          /testluksmnt              ext4          defaults                            1 2

Thanks again!

viel 03-19-2024 06:12 AM

Hi,

Can you see how the partition has mounted when it is not in fstab?

Compare with the fstab commented line to see what changed; maybe you need to update it.

Hope that helps.

Viel.

rksim 03-19-2024 02:28 PM

Hi, I can mount it manually and even run mount -av and get a successful mount with no issues. I have a feeling that the OS is trying to mount the partition before it is decrypted, but I'm not sure how to fix the order of operations there.
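
Added example (not written by anyone in this thread): a shell check that cross-references the /etc/crypttab and /etc/fstab entries quoted above, reporting for each /dev/mapper/* mount whether a crypttab target exists, whether the passphrase is interactive (key field "none"), and whether a failed mount blocks a systemd boot. The function names, the output format and the luksData and /dev/sda1 sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example: cross-check fstab entries on /dev/mapper/* against crypttab.
# Usage: check_crypt_mounts CRYPTTAB_FILE FSTAB_FILE
# Prints one line per mapper-backed fstab entry:
#   <name> <mountpoint> <OK|MISSING> key=<crypttab field 3> <boot-critical|optional> passno=<n>
check_crypt_mounts() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        FILENAME == ARGV[1] {                 # crypttab: name device key options
            key[$1] = ($3 == "" ? "none" : $3)
            next
        }
        $1 ~ /^\/dev\/mapper\// {             # fstab: dev mountpoint type opts dump passno
            name = substr($1, length("/dev/mapper/") + 1)
            # Without nofail/noauto, systemd treats the mount as required for
            # local-fs.target; if it fails, boot drops to emergency mode.
            req = (("," $4 ",") ~ /,(nofail|noauto),/) ? "optional" : "boot-critical"
            printf "%s %s %s key=%s %s passno=%s\n", name, $2,
                   ((name in key) ? "OK" : "MISSING"),
                   ((name in key) ? key[name] : "-"), req, ($6 == "" ? 0 : $6)
        }
    ' "$1" "$2"
}

# Runs the check on constructed sample files. The luksHome lines mirror the
# entries quoted in the thread; luksData and /dev/sda1 are invented.
run_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'luksHome /dev/sda9 none luks' > "$dir/crypttab"
    printf '%s\n' \
        '# constructed fstab' \
        '/dev/mapper/luksHome /mnt ext4 nosuid,nodev,acl,user_xattr 1 2' \
        '/dev/mapper/luksData /DATA ext4 defaults,nofail 0 2' \
        '/dev/sda1 /boot ext4 defaults 1 2' > "$dir/fstab"
    check_crypt_mounts "$dir/crypttab" "$dir/fstab"
    rm -rf "$dir"
}

run_sample
```

On a live system the same function can be pointed at the real files as root: check_crypt_mounts /etc/crypttab /etc/fstab.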

