[Pkg-ltsp-devel] Bug#690267: ltsp-client: nbd swap files are not removed from the server if swap encryption is enabled

[Vagrant Cascadian]

Control: tags 690267 confirmed
Control: severity 690267 important

On Thu, Oct 11, 2012 at 10:41:16PM +0300, George Kiagiadakis wrote:
> NBD swap files seem to be encrypted by default (if no encryption
> option is specified).
> However, the nbd-disconnect script does not handle encrypted swap files.
> Specifically, it tries to do "swapoff /dev/nbd1" where it should actually
> be doing swapoff on /dev/mapper/swap0 and removing the dm-crypt mapping with
> cryptsetup.
> 
> The problem is that since nbd-disconnect fails, the swap file is not
> properly removed from the server.
> 
> As a workaround, setting ENCRYPT_SWAP=False in lts.conf solves the issue.

Thanks for the report.

I've been trying to debug this, but it seems elusive to me. I can reproduce the
problem, but my attempted fix fails:

=== modified file 'client/share/ltsp/nbd-disconnect'
*** client/share/ltsp/nbd-disconnect	2012-05-14 19:23:51 +0000
--- client/share/ltsp/nbd-disconnect	2012-11-19 20:15:47 +0000
***************
*** 30,39 ****
--- 30,47 ----
      case "$device" in
          /dev/nbd[1-9])
              swapoff "$device"
              nbd-client -d "$device"
              ;;
+         /dev/mapper/swap[0-9])
+             nbd_device=$(cryptsetup status "$device" | egrep 'device:.*/dev/nbd[0-9]' | cut -d : -f 2)
+             if [ -n "$nbd_device" ]; then
+                 swapoff "$device"
+                 cryptsetup remove "$device"
+                 nbd-client -d "$nbd_device"
+             fi
+             ;;
      esac
  done < /proc/swaps
  
  # If we're not using an nbd root, exit
  grep -qw "nbdroot" /proc/cmdline || exit 0


For some reason I can't figure out, the swapoff and "cryptsetup remove"
sucessfully removes the crypted disk, but then the "nbd-client -d" fails... the
nbd module is unloaded at that point.

live well,
  vagrant