#7 quota doesn't work with encrypted filesystem

closed-invalid
nobody
None
5
2003-10-26
2003-10-22
Anonymous
No

I am using vanilla linux 2.4.22 source + xfs +
loop-AES-v1.7e.

I have found out that xfs quota does not work with
encrypted option turned on. (through the loop device)

for example:

/dev/hde11 /home xfs
encryption=AES128,encrypted,grpquota,usrquota 0 0

has the encryption, but unable to assign quota, enforce
or show quota.

without the encryption, quota just works.

I believe it is not xfs specific, do you have any ideas?

Thanks,

Discussion

  • Jari Ruusu

    Jari Ruusu - 2003-10-24

    Logged In: YES
    user_id=238645

    This appears to be result of bug or limitation in quota
    utilities that fail to locate the loop device between
    ide disk partition /dev/hde11 and mount point /home

    This workaround seems to work:

    losetup -e AES128 /dev/loop2 /dev/hde11
    mount -t xfs /dev/loop2 /home -o grpquota,usrquota
    setquota -F xfs USER 1000 1000 300 300 /home
    umount /home
    losetup -d /dev/loop2

    Unless you or someone else can pinpoint a bug in
    loop-AES package that causes this, I am soon going to
    close this 'bug' as invalid. Real fix is to use quota
    utilities that are able locate loop devices between
    partitions and mount points and direct their actions to
    the loop device.

     
  • Nobody/Anonymous

    Logged In: NO

    I am trying to reproduce what you do.
    [root@cbis-dev1 ying]# losetup -e AES128 /dev/loop4 /dev/hde10
    Password:
    [root@cbis-dev1 ying]# mount -t xfs /dev/loop4
    /var/spool/mail -o usrquota
    mount: wrong fs type, bad option, bad superblock on /dev/loop4,
    or too many mounted file systems

    any ideas?

    Thanks,

     
  • Nobody/Anonymous

    Logged In: NO

    sorry for the previous post, i get it to work now.

    however, once umount / reboot, there is no way to tell it to
    remember it correct?

     
  • Ying

    Ying - 2003-10-24

    Logged In: YES
    user_id=894222

    just FYI, quota works with loop device.

    # mkfs.xfs -dfile,size=1g,name=/tmp/loopy
    meta-data=/tmp/loopy isize=256 agcount=8,
    agsize=32768 blks
    = sectsz=512
    data = bsize=4096 blocks=262144,
    imaxpct=25
    = sunit=0 swidth=0 blks,
    unwritten=1
    naming =version 2 bsize=4096
    log =internal log bsize=4096 blocks=2560,
    version=1
    = sectsz=512 sunit=0 blks
    realtime =none extsz=65536 blocks=0,
    rtextents=0
    # mkdir /mnt/loopy
    # mount -t xfs -o loop,usrquota /tmp/loopy /mnt/loopy
    # repquota /mnt/loopy
    *** Report for user quotas on device /dev/loop0
    Block grace time: 7days; Inode grace time: 7days
    Block limits File limits
    User used soft hard grace used soft
    hard grace
    ----------------------------------------------------------------------
    root -- 0 0 0 3 0
    0

    --

     
  • Jari Ruusu

    Jari Ruusu - 2003-10-25

    Logged In: YES
    user_id=238645

    I have included a patch that fixes a bug in quota-3.09
    that affects loop device mounts. Old quota code did not
    work at all with loop mounts where mount program
    created a loop=/dev/loop2 mount option entry to
    /etc/mtab. Old quota code assumed that file or device
    underneath loop device was neither block nor character
    device.

    If you patch and recompile quota package yourself, you
    will need quota-3.09.tar.gz tarball (from linuxquota
    project on sourceforge) and my quota-3.09-loopfix.diff
    patch. Then do this as root:

    zcat quota-3.09.tar.gz | tar xvf -
    cd quota-tools
    patch -p1 <../quota-3.09-loopfix.diff
    ./configure --prefix=/usr
    make
    make install

     
  • Jari Ruusu

    Jari Ruusu - 2003-10-25

    Logged In: YES
    user_id=238645

    I just uploaded new version of quota-3.09 patch.
    Earlier one still failed on file backed loops.

     
  • Jari Ruusu

    Jari Ruusu - 2003-10-25

    Logged In: YES
    user_id=238645

    I just uploaded third version of quota-3.09 patch.
    Earlier one handled bind mounts incorrectly.

     
  • Nobody/Anonymous

    Logged In: NO

    Great, It works!

    Thanks!

     
  • Jari Ruusu

    Jari Ruusu - 2003-10-26

    Logged In: YES
    user_id=238645

    This is not loop-AES bug.
    I am now closing this as 'invalid'.

     
  • Jari Ruusu

    Jari Ruusu - 2003-10-26
    • status: open --> closed-invalid