Bug #63939
openfscrypt on CephFS forgets that directory is encrypted after unmount
0%
Description
Summary: After unmounting and remounting CephFS, encrypted directories are not recognized as encrypted.
Severity: This could lead to data loss
Description: This issue is present in Ubuntu 23.10 with Kernel 6.6.7 from mainline and Ceph 18.2.0 - (6.6+ required for fscrypt support on CephFS). fscrypt is installed via apt. The Ceph cluster is v17.2.7 right now.
How to reproduce:
Create CephFS named mycephfs on the cluster
$ sudo mount -t ceph user@.mycephfs=/ /mnt
$ cd /mnt
$ /fscrypt setup
$ mkdir cryptdir
$ fscrypt encrypt cryptdir
The result here is correct, I get "cryptdir is now encrypted, unlocked and ready to use."
At this point I can fscrypt lock and unlock the directory
When the directory is locked, the files inside are encrypted, with encrypted filenames. When it is unlocked. the files are decrypted.
Now unmount and remount:
$ sudo umount /mnt
$ sudo mount -t ceph user@.mycephfs=/ /mnt
$ cd /mnt
ls shows cryptdir.
$ fscrypt unlock cryptdir
[ERROR] fscrypt unlock: file or directory cryptdir is not encrypted
The files and directories inside the directory are encrypted, but fscrypt does not recognize that they are.
I tried locking the directory before umount and leaving it unlocked before umount. Neither works.
I tried to find a solution in the bug tracker and online, but came up empty.
I also reported this on the fscrypt project, but they said it works with other FS and advised to open a bug here.