At Sun, 20 Jan 2008 16:58:34 +0100, Jonas Meurer wrote: > We got a bugreport against cryptsetup 1.0.6~pre1-1 (which is identical > to the current svn repository) which claims that luksAddKey does not > work on active LUKS devices anymore. The submitter added later, that it > still worked with cryptsetup 1.0.5-1, so this bug must have been > introduced after that release. Most likely this behaviour is part of the new 'sanity' checking I introduced before certain operations. The most visible change is that luksOpen for instance fails early -- that is -- fails before asking for a password, instead of complaining about an unaccessible device later. This sanity checking (and also all other operations) use O_EXCL from now on to ensure that no one else fiddles with the device when LUKS is using it. The bug reported could be a result of the underlying device being mounted (luksOpen'd) as this adds a mapping to device-mapper which will prevent all further raw block device accesses with O_EXCL. My main intention was to prevent multiple luksOpen'd devices, as this (in my opinion) is usually not neccessary and most likely an error. But using luksAddKey on an opened partition seems reasonable. For the moment, one can either close the partition before using luksAddKey or use losetup redirect /dev/loop/X to the original device, so that /dev/loop/X can be accessed with O_EXCL. --- Fruhwirth Clemens - http://clemens.endorphin.org --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
