tries to mount an already mounted volume and when password is not available
Brought to you by:
jengelh
There are potentially several issues here. The scenario is that when logging into a machine over ssh using public-key encryption, the password isn't available, and yet pam_mount tries to mount the volume anyway, but it's also already mounted.
debug1: PAM: establishing credentials debug3: PAM: opening session debug3: PAM: sshpam_store_conv called with 1 messages (mount.c:68): Messages from underlying mount program: (mount.c:72): crypt_activate_by_passphrase: File exists (pam_mount.c:522): mount of /dev/sys/home-phemmer-luks failed
During this phase, there's also a huge delay of several seconds before the failed mount attempt returns. strace of mount.crypt shows lots of the following lines being repeated over and over:
[pid 21868] ioctl(5, DM_DEV_REMOVE, 0x79ba80) = -1 EBUSY (Device or resource busy) [pid 21868] nanosleep({0, 200000000}, NULL) = 0 [pid 21868] ioctl(5, DM_DEV_REMOVE, 0x79ba80) = -1 EBUSY (Device or resource busy) [pid 21868] nanosleep({0, 200000000}, NULL) = 0 [pid 21868] ioctl(5, DM_DEV_REMOVE, 0x79ba80) = -1 EBUSY (Device or resource busy) [pid 21868] nanosleep({0, 200000000}, NULL) = 0
So it seems like there should be 2 fixes here:
1. Have an option that tells pam_mount not to try and mount the volume if the password (pam authtok) isn't available.
2. Don't try and mount a volume which is already mounted.
I have posted a patch to fix the second issue here:
https://sourceforge.net/p/pam-mount/feature-requests/29/