koverstreet / bcachefs-tools

http://bcachefs.org
GNU General Public License v2.0

Consistency in kernel key list usage #276

Open phedders opened 3 months ago

phedders commented 3 months ago

Short version - it seems "bcachefs unlock" gets a key into the @u user list, but bcachefs mount searches for a key in the @s session list.

Advice in various places suggests to use keyctl link @u @s - however this does not always work.

If my suspicion is correct, then it would make more sense for unlock to put the key in the Session list OR for mount to check the User list.

My preference would be that mount checks @u AND @s. Kent suggested it would be more secure for unlock to put the key in the session list. In my experience so far, the kernel session list is very flakey.

I am also not sure why (perhaps this is a second issue?) it is required to unlock before mount anyway - bcachefs mount asks for a passphrase but doesn't seem to use it.

OBThanks: to Kent and all the others creating this amazing code - thank you!
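
A way to check the @u versus @s mismatch described in the report above, as an added example that is not part of the original thread or of bcachefs-tools. It assumes the `keyctl` utility from keyutils is installed and that the key has type `user`; the key description is whatever the caller passes in, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not bcachefs-tools code.
# Assumptions: keyutils' keyctl is on PATH; key type defaults to "user";
# the key description is supplied by the caller.

# key_in_ring RING TYPE DESC: succeeds if DESC is reachable from RING.
# "keyctl search" also follows keyrings linked into RING.
key_in_ring() {
    keyctl search "$1" "$2" "$3" >/dev/null 2>&1
}

# locate_key DESC [TYPE]: prints user, session, both or none.
locate_key() {
    desc=$1
    ktype=${2:-user}
    in_user=no
    in_session=no
    key_in_ring @u "$ktype" "$desc" && in_user=yes
    key_in_ring @s "$ktype" "$desc" && in_session=yes
    case "$in_user/$in_session" in
        yes/yes) echo both ;;
        yes/no)  echo user ;;
        no/yes)  echo session ;;
        *)       echo none ;;
    esac
}

# advise DESC [TYPE]: relates the result to the behaviour in the report.
advise() {
    case "$(locate_key "$@")" in
        both|session)
            echo "key is reachable from @s" ;;
        user)
            echo "key is only in @u; the report mentions 'keyctl link @u @s' as the usual advice" ;;
        none)
            echo "key not found in @u or @s" ;;
    esac
}

# Run as: sh script.sh KEY_DESCRIPTION [TYPE]
if [ "$#" -gt 0 ]; then
    advise "$@"
fi
```

Running it once right after `bcachefs unlock` and once from the shell that will run the mount shows whether the two see the same keyrings.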

tmuehlbacher commented 2 months ago

I think that this should be better in v1.9.1 or even completely resolved?