Could not login after cookie expiration

vloup commented 7 years ago

By default, the generated cookie has a max-age value of 8 hours (as defined in auth.go).

After it expires, if you interact with the UI, you are thrown back to the main login page. If you try to login, you have an "existing session" error message. If you restart the interlock daemon and try to login again, you have a "Device VOLUMENAME already exists". So, in the end, you are unable to login unless you reboot the entire system or manually do the umount.

As a solution, you could either:

Increment the cookie max-age value to 16 hours for example.
Properly close opened sessions when interlock stops.
Automatically close sessions when no activity is performed for cookie max-age time.
Renew the cookie when max-age/2 time already elapsed.

abarisani commented 7 years ago

This case is already handled, but not very well documented, you need to attempt to login again after an error (e.g. you get the error, then log in again without restarting the daemon).

If you confirm this applies to your case (it should) I can change the error message accordingly.

Cheers

vloup commented 7 years ago

I tried to be more stubborn by logging multiple times and observed if the problem persisted.

After the cookie expires, I can still attempt to login multiple times without any success. I still get the "existing session" error message. No changes there.

Then, if I restart the daemon and try to log twice. I will be able to access to the UI.

Is there a way I can avoid to restart the daemon? How about resetting the global session variable sessionData when sending this error message (I'm no pro of your code, and neither with golang)?

Thanks for your time.

abarisani commented 7 years ago

Ok, this is definitely a bug then. I'll take a look and get back.

abarisani commented 7 years ago

Could you please test fd6fcb01d983d10dbf8b076798965558b03cd71f ?

Thanks

vloup commented 7 years ago

I did give a shot to your latest commit and got mixed results.

When the cookie expires, this time I get a "Device volumename already exists" instead of the previous "existing session" message. I can try to login multiple times, I still get it and I am unable to connect. If I restart the daemon, I can log just fine on the second attempt.

abarisani commented 7 years ago

After any login error the encrypted volume will be unmounted.

I just tested that and post expiration I am able to re-log at the second attempt and without having to re-start the daemon.

I see no reason why this should happen differently your case. This is evident also from my debug logs (with comment to clarify the sequence):

# login post expiration
19:57:09 api.go:49: 10.0.0.2:37010 POST /api/auth/login
# try to open the LUKS volume
19:57:09 cmd.go:43: executing system command, sudo: true, cmd: /sbin/cryptsetup, args: [luksOpen /dev/lvmvolume/armory interlockfs]
# error was detected so we unmount first
19:57:14 status.go:50: unmounting encrypted volume on /home/interlock/.interlock-mnt
19:57:31 cmd.go:43: executing system command, sudo: true, cmd: /bin/umount, args: [/home/interlock/.interlock-mnt]
# now we lock the LUKS volume
19:57:31 status.go:50: locking encrypted volume
19:57:31 cmd.go:43: executing system command, sudo: true, cmd: /sbin/cryptsetup, args: [luksClose /dev/mapper/interlockfs]
# we give back the error
19:57:32 status.go:60: Device interlockfs already exists.
# we login for the second time after expiration, and first time after the error
19:57:42 api.go:49: 10.0.0.2:37010 POST /api/auth/login
19:57:42 status.go:50: unlocking encrypted volume armory
19:57:47 session.go:63: invalidating session opened at 2017-09-06 19:55:22.35901004 +0000 UTC
# successful login
19:57:47 session.go:66: new session for volume armory

Can you retest with debug mode on and send me logs in case this is confirmed, I would just need the log of the first and second login attempt after the cookie expires.

Thanks

vloup commented 7 years ago

It seems that I completely failed at testing your change on my side since it worked. It did directly work on the second login attempt. I was sure that I did the same procedure as today, but got a different result, whatever...

Just to illustrate, here is today's logs (cut down to its shortest form, it was a bit more than 6MB at first). Sorry for the clock skew at first, that's what you get when you start services before systemd-timesyncd kicks in on devices without RTC module :-)

Sep 07 00:36:59 armory systemd[1]: Starting INTERLOCK file encryption front-end...
Sep 07 00:37:00 armory systemd[1]: Started INTERLOCK file encryption front-end.
Sep 07 00:37:00 armory interlock[239]: 2017/09/07 00:37:00 starting INTERLOCK fd6fcb0 - alarm@armory on 2017-09-05 21:12:55 signal
Sep 07 00:37:00 armory interlock[239]: 2017/09/07 00:37:00 configuration file /etc/interlock.conf successfully parsed
Sep 07 00:37:00 armory interlock[239]: 2017/09/07 00:37:00 applied configuration:
Sep 07 00:37:00 armory interlock[239]: 2017/09/07 00:37:00
Sep 07 00:37:00 armory interlock[239]: {
Sep 07 00:37:00 armory interlock[239]:         "debug": true,
Sep 07 00:37:00 armory interlock[239]:         "static_path": "/usr/share/interlock-git/static",
Sep 07 00:37:00 armory interlock[239]:         "set_time": false,
Sep 07 00:37:00 armory interlock[239]:         "bind_address": "0.0.0.0:4430",
Sep 07 00:37:00 armory interlock[239]:         "tls": "on",
Sep 07 00:37:00 armory interlock[239]:         "tls_cert": "/var/lib/interlock/cert.pem",
Sep 07 00:37:00 armory interlock[239]:         "tls_key": "/var/lib/interlock/key.pem",
Sep 07 00:37:00 armory interlock[239]:         "tls_client_ca": "",
Sep 07 00:37:00 armory interlock[239]:         "hsm": "off",
Sep 07 00:37:00 armory interlock[239]:         "key_path": "keys",
Sep 07 00:37:00 armory interlock[239]:         "volume_group": "lvmvolume",
Sep 07 00:37:00 armory interlock[239]:         "ciphers": [
Sep 07 00:37:00 armory interlock[239]:                 "OpenPGP",
Sep 07 00:37:00 armory interlock[239]:                 "AES-256-OFB",
Sep 07 00:37:00 armory interlock[239]:                 "TOTP",
Sep 07 00:37:00 armory interlock[239]:                 "Signal"
Sep 07 00:37:00 armory interlock[239]:         ]
Sep 07 00:37:00 armory interlock[239]: }
Sep 07 00:37:01 armory interlock[239]: 2017/09/07 00:37:00 main.go:114: debug mode enabled
Sep 07 00:37:01 armory interlock[239]: 2017/09/07 00:37:01 tls.go:125: starting HTTPS server on 0.0.0.0:4430
Sep 07 00:37:11 armory interlock[239]: 2017/09/07 00:37:11 server.go:2848: http: TLS handshake error from 10.0.0.2:37244: remote error: tls: unknown certificate authority
Sep 07 07:58:47 armory interlock[239]: 2017/09/07 07:58:47 api.go:49: 10.0.0.2:37250 GET /api/auth/refresh
Sep 07 07:58:47 armory interlock[239]: 2017/09/07 07:58:47 api.go:192: {"response":null,"status":"INVALID_SESSION"}
Sep 07 07:58:58 armory interlock[239]: 2017/09/07 07:58:58 api.go:49: 10.0.0.2:37250 POST /api/auth/login
Sep 07 07:58:58 armory interlock[239]: 2017/09/07 07:58:58 status.go:50: unlocking encrypted volume encryptedfs
Sep 07 07:58:58 armory interlock[239]: 2017/09/07 07:58:58 cmd.go:43: executing system command, sudo: true, cmd: /sbin/cryptsetup, args: [luksOpen /dev/lvmvolume/encryptedfs interlockfs]
Sep 07 07:58:58 armory sudo[303]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/cryptsetup luksOpen /dev/lvmvolume/encryptedfs interlockfs
Sep 07 07:58:58 armory sudo[303]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 07:59:01 armory sudo[303]: pam_unix(sudo:session): session closed for user root
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 status.go:50: mounting encrypted volume to /var/lib/interlock/.interlock-mnt
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 cmd.go:43: executing system command, sudo: true, cmd: /bin/mount, args: [/dev/mapper/interlockfs /var/lib/interlock/.interlock-mnt]
Sep 07 07:59:01 armory sudo[341]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/mount /dev/mapper/interlockfs /var/lib/interlock/.interlock-mnt
Sep 07 07:59:01 armory sudo[341]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 07:59:01 armory sudo[341]: pam_unix(sudo:session): session closed for user root
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 status.go:50: setting mount point permissions for user interlock
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 cmd.go:43: executing system command, sudo: true, cmd: /bin/chown, args: [interlock /var/lib/interlock/.interlock-mnt]
Sep 07 07:59:01 armory sudo[345]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/chown interlock /var/lib/interlock/.interlock-mnt
Sep 07 07:59:01 armory sudo[345]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 07:59:01 armory sudo[345]: pam_unix(sudo:session): session closed for user root
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 session.go:66: new session for volume encryptedfs
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 api.go:192: {"response":{"XSRFToken":"aIEb_KP_5c6gHyOrMF2X5LBM9DnN1w0X5BZYXXXXXXXXXX","volume":"encryptedfs"},"status":"OK"}
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 status.go:50: starting Signal message listener for +XXXHIDDENXXX
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 api.go:49: 10.0.0.2:37250 POST /api/config/time
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 json.go:33: {"epoch":1504763941}
Sep 07 07:59:01 armory interlock[239]: 2017/09/07 07:59:01 api.go:192: {"response":null,"status":"OK"}
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:49: 10.0.0.2:37250 GET /api/crypto/ciphers
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:192: {"response":[{"name":"OpenPGP","info":"OpenPGP (golang.org/x/crypto/openpgp)","key_format":"armor","enc":true,"dec":true,"sig":true,"otp":false,"msg":false,"ext":"pgp"},{"name":"AES-256-OFB","info":"AES OFB w/ 256 bit key derived using PBKDF2","key_format":"password","enc":true,"dec":true,"sig":false,"otp":false,"msg":false,"ext":"aes256ofb"},{"name":"TOTP","info":"Time-Based One-Time Password Algorithm (RFC6238, a.k.a. Google Authenticator)","key_format":"base32","enc":false,"dec":false,"sig":false,"otp":true,"msg":false,"ext":"totp"},{"name":"Signal","info":"Signal (TextSecure) protocol V2","key_format":"binary","enc":false,"dec":false,"sig":false,"otp":false,"msg":true,"ext":"signal"}],"status":"OK"}
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:49: 10.0.0.2:37250 GET /api/status/version
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:192: {"response":{"build":"alarm@armory on 2017-09-05 21:12:55 signal","key_path":"keys","revision":"fd6fcb0"},"status":"OK"}
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:192: {"response":{"freeram":374259712,"load_1":64288,"load_15":7808,"load_5":22016,"log":[{"epoch":1504763941,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504763941,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504763941,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504763938,"code":5,"msg":"unlocking encrypted volume encryptedfs"}],"notification":null,"uptime":67},"status":"OK"}
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:49: 10.0.0.2:37250 POST /api/file/list
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 json.go:33: {"path":"/"}
Sep 07 07:59:02 armory interlock[239]: 2017/09/07 07:59:02 api.go:192: {"response":{XXXHIDDENXXX}}
Sep 07 07:59:05 armory interlock[239]: 2017/09/07 07:59:05 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 07:59:05 armory interlock[239]: 2017/09/07 07:59:05 api.go:192: {"response":{"freeram":373432320,"load_1":64288,"load_15":7808,"load_5":22016,"log":[{"epoch":1504763941,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504763941,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504763941,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504763938,"code":5,"msg":"unlocking encrypted volume encryptedfs"}],"notification":null,"uptime":70},"status":"OK"}

...

Sep 07 15:58:58 armory interlock[239]: 2017/09/07 15:58:58 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 15:58:58 armory interlock[239]: 2017/09/07 15:58:58 api.go:192: {"response":{"freeram":312541184,"load_1":4032,"load_15":256,"load_5":1152,"log":[{"epoch":1504763941,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504763941,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504763941,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504763938,"code":5,"msg":"unlocking encrypted volume encryptedfs"}],"notification":null,"uptime":28863},"status":"OK"}
Sep 07 15:59:01 armory interlock[239]: 2017/09/07 15:59:01 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 15:59:01 armory interlock[239]: 2017/09/07 15:59:01 api.go:192: {"response":null,"status":"INVALID_SESSION"}

...

Sep 07 16:54:26 armory interlock[239]: 2017/09/07 16:54:26 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 16:54:26 armory interlock[239]: 2017/09/07 16:54:26 api.go:192: {"response":null,"status":"INVALID_SESSION"}
Sep 07 16:54:27 armory interlock[239]: 2017/09/07 16:54:27 api.go:49: 10.0.0.2:37250 POST /api/file/list
Sep 07 16:54:27 armory interlock[239]: 2017/09/07 16:54:27 api.go:192: {"response":null,"status":"INVALID_SESSION"}
Sep 07 16:54:44 armory interlock[239]: 2017/09/07 16:54:44 api.go:49: 10.0.0.2:37250 POST /api/auth/login
Sep 07 16:54:44 armory interlock[239]: 2017/09/07 16:54:44 status.go:50: unlocking encrypted volume encryptedfs
Sep 07 16:54:44 armory interlock[239]: 2017/09/07 16:54:44 cmd.go:43: executing system command, sudo: true, cmd: /sbin/cryptsetup, args: [luksOpen /dev/lvmvolume/encryptedfs interlockfs]
Sep 07 16:54:44 armory sudo[527]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/cryptsetup luksOpen /dev/lvmvolume/encryptedfs interlockfs
Sep 07 16:54:44 armory sudo[527]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 16:54:44 armory sudo[527]: pam_unix(sudo:session): session closed for user root
Sep 07 16:54:44 armory interlock[239]: 2017/09/07 16:54:44 status.go:50: unmounting encrypted volume on /var/lib/interlock/.interlock-mnt
Sep 07 16:54:44 armory interlock[239]: 2017/09/07 16:54:44 cmd.go:43: executing system command, sudo: true, cmd: /bin/umount, args: [/var/lib/interlock/.interlock-mnt]
Sep 07 16:54:45 armory sudo[530]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/umount /var/lib/interlock/.interlock-mnt
Sep 07 16:54:45 armory sudo[530]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 16:54:45 armory sudo[530]: pam_unix(sudo:session): session closed for user root
Sep 07 16:54:45 armory interlock[239]: 2017/09/07 16:54:45 status.go:50: locking encrypted volume
Sep 07 16:54:45 armory interlock[239]: 2017/09/07 16:54:45 cmd.go:43: executing system command, sudo: true, cmd: /sbin/cryptsetup, args: [luksClose /dev/mapper/interlockfs]
Sep 07 16:54:45 armory sudo[532]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/cryptsetup luksClose /dev/mapper/interlockfs
Sep 07 16:54:45 armory sudo[532]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 16:54:45 armory sudo[532]: pam_unix(sudo:session): session closed for user root
Sep 07 16:54:45 armory interlock[239]: 2017/09/07 16:54:45 status.go:60: Device interlockfs already exists.
Sep 07 16:54:45 armory interlock[239]: 2017/09/07 16:54:45 api.go:192: {"response":["Device interlockfs already exists.\n"],"status":"INVALID_SESSION"}
Sep 07 16:54:56 armory interlock[239]: 2017/09/07 16:54:56 api.go:49: 10.0.0.2:37250 POST /api/auth/login
Sep 07 16:54:56 armory interlock[239]: 2017/09/07 16:54:56 status.go:50: unlocking encrypted volume encryptedfs
Sep 07 16:54:56 armory interlock[239]: 2017/09/07 16:54:56 cmd.go:43: executing system command, sudo: true, cmd: /sbin/cryptsetup, args: [luksOpen /dev/lvmvolume/encryptedfs interlockfs]
Sep 07 16:54:56 armory sudo[537]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/cryptsetup luksOpen /dev/lvmvolume/encryptedfs interlockfs
Sep 07 16:54:56 armory sudo[537]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 16:54:59 armory sudo[537]: pam_unix(sudo:session): session closed for user root
Sep 07 16:54:59 armory interlock[239]: 2017/09/07 16:54:59 status.go:50: mounting encrypted volume to /var/lib/interlock/.interlock-mnt
Sep 07 16:54:59 armory interlock[239]: 2017/09/07 16:54:59 cmd.go:43: executing system command, sudo: true, cmd: /bin/mount, args: [/dev/mapper/interlockfs /var/lib/interlock/.interlock-mnt]
Sep 07 16:54:59 armory sudo[553]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/mount /dev/mapper/interlockfs /var/lib/interlock/.interlock-mnt
Sep 07 16:54:59 armory sudo[553]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 16:54:59 armory sudo[553]: pam_unix(sudo:session): session closed for user root
Sep 07 16:54:59 armory interlock[239]: 2017/09/07 16:54:59 status.go:50: setting mount point permissions for user interlock
Sep 07 16:54:59 armory interlock[239]: 2017/09/07 16:54:59 cmd.go:43: executing system command, sudo: true, cmd: /bin/chown, args: [interlock /var/lib/interlock/.interlock-mnt]
Sep 07 16:54:59 armory sudo[557]: interlock : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/chown interlock /var/lib/interlock/.interlock-mnt
Sep 07 16:54:59 armory sudo[557]: pam_unix(sudo:session): session opened for user root by (uid=0)
Sep 07 16:54:59 armory sudo[557]: pam_unix(sudo:session): session closed for user root
Sep 07 16:54:59 armory interlock[239]: 2017/09/07 16:54:59 status.go:50: starting Signal message listener for +XXXHIDDENXXX
Sep 07 16:54:59 armory interlock[239]: 2017/09/07 16:54:59 session.go:63: invalidating session opened at 2017-09-07 07:59:01.827089055 +0200 CEST m=+41.559220254
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:54:59 session.go:66: new session for volume encryptedfs
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:54:59 api.go:192: {"response":{"XSRFToken":"Uv4ZGnkfM872AOtVhkt9oMgu8n06TFkS7mXXXXXXXXXX","volume":"encryptedfs"},"status":"OK"}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:49: 10.0.0.2:37250 POST /api/config/time
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 json.go:33: {"epoch":1504796100}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:192: {"response":null,"status":"OK"}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:49: 10.0.0.2:37250 GET /api/crypto/ciphers
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:192: {"response":[{"name":"OpenPGP","info":"OpenPGP (golang.org/x/crypto/openpgp)","key_format":"armor","enc":true,"dec":true,"sig":true,"otp":false,"msg":false,"ext":"pgp"},{"name":"AES-256-OFB","info":"AES OFB w/ 256 bit key derived using PBKDF2","key_format":"password","enc":true,"dec":true,"sig":false,"otp":false,"msg":false,"ext":"aes256ofb"},{"name":"TOTP","info":"Time-Based One-Time Password Algorithm (RFC6238, a.k.a. Google Authenticator)","key_format":"base32","enc":false,"dec":false,"sig":false,"otp":true,"msg":false,"ext":"totp"},{"name":"Signal","info":"Signal (TextSecure) protocol V2","key_format":"binary","enc":false,"dec":false,"sig":false,"otp":false,"msg":true,"ext":"signal"}],"status":"OK"}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:49: 10.0.0.2:37250 GET /api/status/version
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:192: {"response":{"build":"alarm@armory on 2017-09-05 21:12:55 signal","key_path":"keys","revision":"fd6fcb0"},"status":"OK"}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:192: {"response":{"freeram":308600832,"load_1":1088,"load_15":0,"load_5":544,"log":[{"epoch":1504796099,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504796099,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504796099,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504796096,"code":5,"msg":"unlocking encrypted volume encryptedfs"},{"epoch":1504796085,"code":3,"msg":"Device interlockfs already exists.\n"},{"epoch":1504796085,"code":5,"msg":"locking encrypted volume"},{"epoch":1504796084,"code":5,"msg":"unmounting encrypted volume on /var/lib/interlock/.interlock-mnt"},{"epoch":1504796084,"code":5,"msg":"unlocking encrypted volume encryptedfs"},{"epoch":1504763941,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504763941,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504763941,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504763938,"code":5,"msg":"unlocking encrypted volume encryptedfs"}],"notification":null,"uptime":32225},"status":"OK"}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:49: 10.0.0.2:37250 POST /api/file/list
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 json.go:33: {"path":"/"}
Sep 07 16:55:00 armory interlock[239]: 2017/09/07 16:55:00 api.go:192: {"response":{XXXHIDDENXXX}}
Sep 07 16:55:00 armory interlock[239]: time="2017/09/07 16:55:00" level=error msg=EOF
Sep 07 16:55:00 armory interlock[239]: time="2017/09/07 16:55:00" level=error msg="read tcp 10.0.0.1:38850->34.225.60.206:443: use of closed network connection"
Sep 07 16:55:03 armory interlock[239]: 2017/09/07 16:55:03 api.go:49: 10.0.0.2:37250 POST /api/status/running
Sep 07 16:55:03 armory interlock[239]: 2017/09/07 16:55:03 api.go:192: {"response":{"freeram":308633600,"load_1":992,"load_15":0,"load_5":512,"log":[{"epoch":1504796099,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504796099,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504796099,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504796096,"code":5,"msg":"unlocking encrypted volume encryptedfs"},{"epoch":1504796085,"code":3,"msg":"Device interlockfs already exists.\n"},{"epoch":1504796085,"code":5,"msg":"locking encrypted volume"},{"epoch":1504796084,"code":5,"msg":"unmounting encrypted volume on /var/lib/interlock/.interlock-mnt"},{"epoch":1504796084,"code":5,"msg":"unlocking encrypted volume encryptedfs"},{"epoch":1504763941,"code":5,"msg":"starting Signal message listener for +XXXHIDDENXXX"},{"epoch":1504763941,"code":5,"msg":"setting mount point permissions for user interlock"},{"epoch":1504763941,"code":5,"msg":"mounting encrypted volume to /var/lib/interlock/.interlock-mnt"},{"epoch":1504763938,"code":5,"msg":"unlocking encrypted volume encryptedfs"}],"notification":null,"uptime":32228},"status":"OK"}

...

So, thanks a lot for the fix, and sorry for my bad testing. I'm closing this.

usbarmory / interlock

Could not login after cookie expiration #37