[dm-crypt] cryptsetup problem with memory allocation
marek.belisko at gmail.com
Tue Jul 8 08:22:57 CEST 2014
On Fri, Jul 4, 2014 at 6:44 PM, Milan Broz <gmazyland at gmail.com> wrote:
> On 07/04/2014 05:02 PM, Belisko Marek wrote:
>> On Tue, Jun 24, 2014 at 1:12 AM, Alasdair G Kergon <agk at redhat.com> wrote:
>>>>> I tracked it down that malloc fails (ENOMEM) in libdevmapper and then
>>>>> _dm_check_versions() fails when creating dm task (dmt =
>>> After updating to the most recent version you are able to use,
>>> run it under strace and let us see the relevant output (at least the
>>> failing system call itself, what leads up to it, including all early
>>> memory-related system calls and DM ioctls) and any environment variables
>>> set that could modify behaviour.
>> When I update to the latest cryptsetup (1.64) I can see a different error than with 1.62:
>> ioctl(6, DM_VERSION, 0x1e340) = -1 EACCES (Permission denied)
>> So it seems that gcrypt probably drops privileges (as running on
>> embedded system I'm root)?
> Just a guess, but do you have gcrypt compiled with POSIX capabilities?
> If so, it cannot work. See this comment in the cryptsetup gcrypt wrapper
> (you can work around it by uncommenting this #if and rebuilding cryptsetup)
#if 1 fixed my problem. Thanks for the help!
> /* FIXME: If gcrypt compiled to support POSIX 1003.1e capabilities,
> * it drops all privileges during secure memory initialisation.
> * For now, the only workaround is to disable secure memory in gcrypt.
> * cryptsetup always need at least cap_sys_admin privilege for dm-ioctl
> * and it locks its memory space anyway.
> */
> #if 0
> gcry_control (GCRYCTL_DISABLE_SECMEM);
> crypto_backend_secmem = 0;
> #else
> gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN);
> gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0);
> gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
> #endif
as simple and primitive as possible
Marek Belisko - OPEN-NANDRA
Ruska Nova Ves 219 | Presov, 08005 Slovak Republic
Tel: +421 915 052 184