bugzilla-daemon at defect.opensolaris.org
2008-May-31 07:00 UTC
[Bug 2108] New: delegation_003 reports key was not loaded, but it was..
http://defect.opensolaris.org/bz/show_bug.cgi?id=2108 Summary: delegation_003 reports key was not loaded, but it was.. Classification: Development Product: zfs-crypto Version: unspecified Platform: Other OS/Version: Solaris Status: NEW Severity: normal Priority: P3 Component: other AssignedTo: ajscarp at yahoo.com ReportedBy: ajscarp at yahoo.com QAContact: hua.tang at sun.com CC: zfs-crypto-discuss at opensolaris.org Estimated Hours: 0.0 There may be more failures contained in this bug, the results file is a bit hard to read because the stderr is not lining up property with the commands.. What I know for sure is that loading a dataset key returns a failure, but the key is loaded successfully. In the below case the user has mount & keyuse privileges, so it should success.. the kernel does the right thing by mounting the key, The problem appears to be ioctl apparently returns failure return code.. $ zfs key -l tank/enc Enter passphrase for ''tank/enc'': cannot mount ''tank/enc'': Insufficient privileges Key error in ''tank/enc'': crypto key failure $ echo $? 1 $ zfs key -l tank/enc Key error in ''tank/enc'': Key already loaded. Keystatus shows the key as available... ---- stdout| 140160| /usr/sbin/zpool create -f pool_140160 /export/home/vdev_file_1 stdout| 140160| /usr/sbin/zfs create -o encryption=on -o keyscope=dataset -o keysource=hex,file:///net/borg/cube/builds/izick/zfscrypto-test/proto/suites/security/zfs-crypto/etc/hex_key_file pool_140160/fs stdout| 140160| cp /net/borg/cube/builds/izick/zfscrypto-test/proto/suites/security/zfs-crypto/etc/file1.txt /pool_140160/fs stdout| file1.txt Msg| 140160 | [ - Result ] Msg| 140160 | RESULT: PASS Msg| 140160 | Msg| 140160 | [ - Progress ] Msg| 140160 | Testing with keyuse,mount delegated, a non-root user can do ''zfs key -l'' Msg| 140160 | stdout| 140160| Expected return value: 0 stdout| 140160| Actual return value: 1 stderr| cannot mount ''pool_140160/fs'': Insufficient privileges stderr| Key error in ''pool_140160/fs'': crypto key failure Msg| 140160 | [ - Result ] Msg| 140160 | RESULT: FAIL -- Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-Jun-02 09:27 UTC
[Bug 2108] delegation_003 reports key was not loaded, but it was..
http://defect.opensolaris.org/bz/show_bug.cgi?id=2108 Darren J Moffat <darrenm at opensolaris.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |darrenm at opensolaris.org --- Comment #1 from Darren J Moffat <darrenm at opensolaris.org> 2008-06-02 02:27:06 --- The user needs to own the mountpoint as well. -- Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
bugzilla-daemon at defect.opensolaris.org
2008-Jun-02 14:51 UTC
[Bug 2108] delegation_003 reports key was not loaded, but it was..
http://defect.opensolaris.org/bz/show_bug.cgi?id=2108 Darren J Moffat <darrenm at opensolaris.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |DUPLICATE --- Comment #2 from Darren J Moffat <darrenm at opensolaris.org> 2008-06-02 07:51:46 --- Test suite bug see Bugster 6709577 *** This bug has been marked as a duplicate of bug 2114 *** -- Configure bugmail: http://defect.opensolaris.org/bz/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.