storage: Improve handling of LUKS backed btrfs #20070
Conversation
|
Current plan: have a function that computes the correct crypttab options from the existing ChildConfiguration entries, without any arguments needed from the dialog action functions. Plus whatever is necessary for the direct Lock and Unlock actions. |
mvollmer
added
the
no-test
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
2 times, most recently
from
984efa4
to
dc33b9c
Compare
|
To make this complete, we also need to show subvolumes of btrfs volumes that are currently locked, like we show mountpoints for filesystems that are locked. (This only needs to work well for single -device volumes, I think.) |
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
from
f9df53c
to
6f9190d
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
7 times, most recently
from
a0863fa
to
f65ba0d
Compare
mvollmer
changed the title
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
5 times, most recently
from
d68368d
to
cfc1805
Compare
mvollmer
removed
the
no-test
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
from
cfc1805
to
e115dd4
Compare
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
from
e115dd4
to
9571892
Compare
|
This is now unblocked as readonly crypto was merged. |
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
from
9571892
to
027e1f6
Compare
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
2 times, most recently
from
210ab78
to
7c985f0
Compare
| for (const c of block_crypto.ChildConfiguration) { | ||
| if (c[0] == "fstab") { | ||
| const fsname = decode_filename(c[1].fsname.v); | ||
| const uuid_match = fsname.match(/^UUID=(?<uuid>[A-Fa-f0-9-]+)/); |
There was a problem hiding this comment.
So this depends on fstab being like:
UUID=11e176e1-8cd9-42b7-85e0-46bbb9e9bc35 / btrfs rw,compress=lzo,ssd,space_cache,discard=async,subvolid=256,subvol=/root 0 0
However I have something like:
LABEL=system / btrfs rw,compress=lzo,ssd,space_cache,discard=async,subvolid=256,subvol=/root 0 0
There was a problem hiding this comment.
I wonder if this complexity is actually worth it. A fstab entry will only have one x-parent entry, and thus only one of the backing devices of a multi-device btrfs volume will have that entry in its ChildConfiguration. I wonder how the tests actually reach this code...
There was a problem hiding this comment.
I have removed this and improved the docs a bit. It was the correct idea, but doesn't really work in practice.
There was a problem hiding this comment.
No, back to where we started! :-)
Looking into ChildConfiguration is important when: There is a multi-device btrfs volume on encrypted devices, one of them ("a") has a x-parent option in fstab and is locked, and another one ("b") is unlocked.
In that case we don't want to treat the "a" device as a locked single-device btrfs filesystem. "b" is already open and a "btrfs volume" is created for it. We either need to associate "a" with that volume, or show it as generic "locked data". We shouldn't show it as another copy of the same btrfs volume.
We could associate "a" with the volume and create a "btrfs device" card for it. But then we also need to put a "unlock" action on it, etc. I would like to finish #19882 instead, I think.
| if (single_device_volume) | ||
| card = make_btrfs_filesystem_card(card, block, null); | ||
| else | ||
| card = make_locked_encrypted_data_card(card, block); |
There was a problem hiding this comment.
This condition confuses me as a reader, if it's not a single device volume it is encrypted?
I understand that we don't know if a locked without fstab?
There was a problem hiding this comment.
It's always encrypted and locked when we get here (content_block == null, is_crypto == true), but if we know (or guess) that it's a single device btrfs, we can make a filesystem card for it even when it is locked.
| // Thus, while we should try to not let the user | ||
| // run into this situation here as much as | ||
| // possible, we will probably not be able to rule | ||
| // it out completely. |
There was a problem hiding this comment.
FYI: btrfs filesystem show /dev/mapper/system should work fine for luks unlocked device members but parsing that and then offering to unlock all members is quite some work. Rather have udisks figure that out.
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
from
7c985f0
to
76fe4d6
Compare
| if (fstab_config.length > 0) { | ||
| if (is_btrfs) { | ||
| if (single_device_volume) | ||
| card = make_btrfs_filesystem_card(card, block, null); |
There was a problem hiding this comment.
Hmm, this requires investigation.
|
Alright back to draft, there is more coming... |
Single-device btrfs volumes now behave like other filesystems: Unmounting all subvolumes will automatically lock the LUKS device, and mounting the first subvolume will automatically unlock it. Options in /etc/crypttab are now maintained correctly for btrfs volumes with multiple subvolumes. For example, the LUKS device is only "noauto" when all of the subvolumes are also "noauto", and it is readonly exactly when all of the subvolumes are readonly. Cockpit can't unfortunately always know whether a locked LUKS device is part of a single-device or multi-device btrfs volume. (Because UDisks2 only tracks one parent of a fstab entry, we would need to fix that.) We assume that they are single-device volumes (because they are more common, probably) and let the user mount their subvolumes directly. If the assumption turns out to have been wrong, the mount operation is cleanly aborted.
mvollmer
force-pushed
the
storage-correct-crypttab-options-for-subvols
branch
from
76fe4d6
to
77ace98
Compare
|
|
||
| if (client.in_anaconda_mode()) { | ||
| actions.push({ | ||
| title: _("Edit mount point"), | ||
| action: () => edit_mount_point(block, forced_options, subvol), | ||
| action: () => edit_mount_point(content_block || backing_block, forced_options, subvol, subvols), |
There was a problem hiding this comment.
This added line is not executed by any test.
Demo: https://youtu.be/wSrx7GLDP88