google / fscrypt

Go tool for managing Linux filesystem encryption
Apache License 2.0

Can't lock folders encrypted with fscrypt #402

Open nokia8801 opened 5 months ago

nokia8801 commented 5 months ago

I have multiple folders encrypted with fscrypt in various directories. They have various files in them (images, videos, text). I open a file and close it with Ctrl+Q. Then I want to lock the folder with fscrypt lock test/, however it always fails. Doesn't matter which folder or which file.

[ERROR] fscrypt lock: Directory was incompletely locked because some files are still open. These files remain
                      accessible.

Try killing any processes using files in the directory, for example using:

     find "test/" -print0 | xargs -0 fuser -k

Then re-run:

     fscrypt lock "test/"

Running find "test/" -print0 | xargs -0 fuser -k as user I get:

Cannot stat file /proc/1025/fd/0: Permission denied
Cannot stat file /proc/1025/fd/1: Permission denied
Cannot stat file /proc/1025/fd/2: Permission denied
Cannot stat file /proc/1025/fd/3: Permission denied
Cannot stat file /proc/1025/fd/4: Permission denied
Cannot stat file /proc/1025/fd/5: Permission denied
Cannot stat file /proc/1025/fd/6: Permission denied
Cannot stat file /proc/1025/fd/7: Permission denied
Cannot stat file /proc/1025/fd/8: Permission denied
Cannot stat file /proc/1025/fd/9: Permission denied
...
Cannot stat file /proc/1025/fd/126: Permission denied

Running it as root I don't get the permission denied error. However, re-running fscrypt lock test/ still doesn't work. I make sure I close all files I open with Ctrl+Q. The thumbnails for the files are already generated. When it is "locked" in this state, I can see all the folder names and files, even the thumbnails, but I can't actually open or view any of them.

Error opening file. Required key not available.

This is what fscrypt status test/ says:

"test/" is encrypted with fscrypt.

Policy:   f307c445aef870630f1d56a6e272320c
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Partially (incompletely locked)

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
c140495356242008  No      custom protector "Test"

Arch Linux
linux 6.7.4.arch1-1
fscrypt version v0.3.4

When I reboot, the folders are properly locked and nothing inside is visible. But unlocking results in the same issue. Have to keep rebooting.

ebiggers commented 5 months ago

Does lsof show any open files in the directory?

Also, did you assign the same encryption policy to multiple directories, using fscrypt encrypt --policy=MOUNTPOINT:ID, or did you just use regular fscrypt encrypt?

nokia8801 commented 5 months ago

lsof +D test/ doesn't show anything. Neither does lsof -x f +D test/. I know the lsof +D test/ command works because when actually viewing a file, it reports correctly that only that file is open. When I quit viewing the file, the command returns nothing. If I just do lsof > test.txt I can see the same Cannot stat file /proc/1025/fd/0: Permission denied errors at the top of the file, but worded differently.

COMMAND     PID   TID TASKCMD    USER         FD  TYPE    DEVICE    SIZE/OFF  NODE NAME
systemd    1028                  nokia8801    0   unknown                     /proc/1028/fd/0 (readlink: Permission denied)
...

I just used regular fscrypt encrypt for all the test folders. They all have different policies (different hashes) with different passwords for custom protector.

Even unlocking and trying to lock after doing nothing, not opening files or even doing ls/cd into folder, doesn't work.

ebiggers commented 5 months ago

Can you check which file it is that is still in use? Try dmesg | grep "still busy after removing key", then find test/ -inum $inum, replacing $inum with the inode number from the end of the log message.
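The two-step check suggested above (grep the kernel log, then look up the inode) can be scripted so that every inode reported for one key identifier is resolved in a single pass. This is an added example, not part of the original thread or of fscrypt; the function names `busy_inodes` and `resolve_busy` are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# busy_inodes KEY_ID
# Reads kernel log lines on stdin and prints the unique inode numbers that
# "still busy after removing key" messages report for KEY_ID. The kernel names
# only one inode per message, so this is a sample of the busy set.
busy_inodes() {
    case $1 in
        ''|*[!0-9a-f]*) echo "key identifier must be lowercase hex" >&2; return 2 ;;
    esac
    sed -n "s/.*still busy after removing key with identifier $1, including ino \([0-9][0-9]*\).*/\1/p" |
        sort -un
}

# resolve_busy DIR KEY_ID
# Maps each reported inode to its path(s) under DIR. -xdev keeps find on one
# filesystem, because inode numbers are only unique per filesystem.
resolve_busy() {
    busy_inodes "$2" | while read -r ino; do
        find "$1" -xdev -inum "$ino" -print
    done
}

# On a live system (reading the kernel log may require root):
#   dmesg | resolve_busy test/ f307c445aef870630f1d56a6e272320c
```

Filtering by key identifier matters when several encrypted directories live on the same filesystem, since each policy logs under its own identifier.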

nokia8801 commented 5 months ago

dmesg | grep "still busy after removing key"

[ 1242.720357] fscrypt: dm-0: 36 inode(s) still busy after removing key with identifier f307c445aef870630f1d56a6e272320c, including ino 483455
[ 1442.561889] fscrypt: dm-0: 36 inode(s) still busy after removing key with identifier f307c445aef870630f1d56a6e272320c, including ino 483455
[ 1998.322127] fscrypt: dm-0: 36 inode(s) still busy after removing key with identifier f307c445aef870630f1d56a6e272320c, including ino 483455
[ 2195.510761] fscrypt: dm-0: 38 inode(s) still busy after removing key with identifier f307c445aef870630f1d56a6e272320c, including ino 475592
[ 2507.639055] fscrypt: dm-0: 38 inode(s) still busy after removing key with identifier f307c445aef870630f1d56a6e272320c, including ino 475592

find test/ -inum 483455 and find test/ -inum 475592 shows two folders.

Edit: I have since tried the other fscrypt encrypted folders that I have and they lock properly, even though I can view, open and close the files as much as I want.

Now I created a new fscrypt encrypted folder (test3), created a text file with random words on it, viewed it and successfully locked it. Then I unlocked it and downloaded a wallpaper in it, viewed it and tried to lock it. Same issue. sudo dmesg | grep "still busy after removing key" shows [ 5221.166904] fscrypt: dm-0: 1 inode(s) still busy after removing key with identifier ec7e3c4a83a723035f77cbb6a36a686e, including ino 426085 and find test3/ -inum 426085 just shows test3/ and lsof +D test3/ shows nothing again.

josephlr commented 5 months ago

Hmmm this is very weird, I'm wondering if some process running as root is somehow holding onto a reference to one of the files. When you ran lsof was this done as root?

nokia8801 commented 5 months ago

I did not run lsof as root. If I do I get:

lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
lsof: WARNING: can't stat() fuse.portal file system /run/user/1000/doc
      Output information may be incomplete.

So I'm trying to understand what could possibly be doing this. Here's what I've tried so far.

  1. mkdir test5
  2. fscrypt encrypt test5
  3. fscrypt lock test5/ (successfully locked)
  4. fscrypt unlock test5/; cd test5/; ls; cd ..; fscrypt lock test5/ (successfully locked)
  5. fscrypt unlock test5/; cd test5/; echo "asd123" > text.txt; cd ..; fscrypt lock test5/ (successfully locked)
  6. fscrypt unlock test5/; cd test5/; nano text.txt & gedit text.txt (quitting both nano and gedit)
  7. cd ..; fscrypt lock test5/ (successfully locked)
  8. fscrypt unlock test5/; cd test5/; wget "https://upload.wikimedia.org/wikipedia/commons/a/a5/Red_Kitten_01.jpg"; cd ..; fscrypt lock test5/ (successfully locked)
  9. fscrypt unlock test5/; cd test5/; mpv Red_Kitten_01.jpg (quitting mpv)
  10. cd ..; fscrypt lock test5/ (successfully locked)
  11. fscrypt unlock test5/ and open the folder with GNOME Files (Thumbnail for Red_Kitten_01.jpg is generated) and fscrypt lock test5/ (successfully locked)
  12. fscrypt unlock test5/ and open the folder again (thumbnail still visible), view the file with mpv again (double clicking) and fscrypt lock test5/ (successfully locked)
  13. fscrypt unlock test5/, download an image using Firefox and the GNOME GTK file chooser save dialog, choose test5/ and save it, then fscrypt lock test5/ (failed to lock)

[ERROR] fscrypt lock: Directory was incompletely locked because some files are still open. These files remain
                      accessible.

Try killing any processes using files in the directory, for example using:

     find "test5/" -print0 | xargs -0 fuser -k

Then re-run:

     fscrypt lock "test5/"

That is just the new test folder I created. The main folder that I'm trying to lock, the reason I made this issue report, is different. It immediately fails to lock after unlocking. Doesn't matter if I open it or not.

ebiggers commented 5 months ago

There has to be something that is holding a reference to one of the files. Technically, this doesn't necessarily mean that a file is "open" -- it could also be a process that has its current directory inside the directory or a kernel driver that has an internal reference to one of the files. I wonder what is different about case (13)? Maybe GNOME GVfs could be involved?
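The userspace references mentioned above (an open descriptor or a current directory inside the tree), together with root directories and memory-mapped files, can be enumerated from /proc. This is an added example, not part of the original thread or of fscrypt; the function name `holders` and its optional second argument (an alternate /proc root) are assumptions for illustration. It cannot see references held inside the kernel.

```shell
#!/bin/sh
# Added example (not from the thread). holders and its PROC argument are
# illustrative names, not an fscrypt interface.

# holders DIR [PROC]
# Prints "PID KIND PATH" for every process whose cwd, root, open descriptor
# or memory-mapped file lies inside DIR. Run as root for a complete view:
# other users' /proc/PID entries are unreadable otherwise and are skipped.
holders() {
    dir=$(cd "$1" && pwd -P) || return 2
    proc=${2:-/proc}
    for p in "$proc"/[0-9]*; do
        [ -d "$p" ] || continue
        pid=${p##*/}
        for link in "$p/cwd" "$p/root" "$p"/fd/*; do
            target=$(readlink "$link" 2>/dev/null) || continue
            case $target in
                "$dir"|"$dir"/*)
                    # Match on a path boundary so /a/test-old is not
                    # reported when DIR is /a/test.
                    case $link in
                        */fd/*) kind=fd ;;
                        *)      kind=${link##*/} ;;
                    esac
                    echo "$pid $kind $target" ;;
            esac
        done
        # Mapped files keep an inode referenced even after the descriptor
        # that created the mapping has been closed.
        if [ -r "$p/maps" ]; then
            awk -v d="$dir" -v pid="$pid" '
                { i = index($0, " " d "/") }
                i && !seen[substr($0, i + 1)]++ { print pid, "mmap", substr($0, i + 1) }
            ' "$p/maps" 2>/dev/null
        fi
    done
}

# Example: holders test5/
```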

nokia8801 commented 5 months ago

I deleted the two folders that were "still busy after removing key" with inum 475592 and 483455. I still can't lock it. Now it shows a completely different folder when I query with dmesg, inum 483458. When I did the original dmesg query, it did not show 483458 as "still busy after removing key", only showed the above two (475592 and 483455), now that I've deleted them it shows this folder. I feel like when I delete this folder too, it'll just choose another folder and it'll just keep going until there is nothing left, no folders or files. Maybe it won't be able to lock even then.

As I've demonstrated above, I don't think creating a brand new folder and encrypting that will help either, as eventually something will prevent it from locking too.