Ecryptfs service failed to start

Otmar · April 29, 2022, 9:01am

Hello,

I have built a custom Linux image for colibri imx7d using Yocto version 2.6 (thud), Toradex BSP version 3

I have enabled in the kernel config support for ecryptfs:

CONFIG_MISC_FILESYSTEMS=y
CONFIG_ECRYPT_FS=y

When I check the status of ecryptfs service on the device I get this message:

Active: failed (Result: exit-code) since Wed 2022-04-27 09:54:55 UTC; 1 day 22h ago
  Process: 259 ExecStart=/usr/bin/ecryptfsd -f (code=exited, status=163)
 Main PID: 259 (code=exited, status=163)

Apr 27 09:54:54 colibri-imx7-emmc systemd[1]: Started A userspace daemon that runs as the user perform file operations under th
e eCryptfs mount point.
Apr 27 09:54:54 colibri-imx7-emmc ecryptfsd[259]: main: Current kernel does not have support for /dev/ecryptfs; please use 2.6.
26 or newer
Apr 27 09:54:55 colibri-imx7-emmc systemd[1]: ecryptfs.service: Main process exited, code=exited, status=163/n/a
Apr 27 09:54:55 colibri-imx7-emmc systemd[1]: ecryptfs.service: Failed with result 'exit-code'.

My Linux kernel is of course much newer than 2.6:

root@colibri-imx7-emmc:~# uname -r
4.14.170-3.0.4+gbaa6c24

Is there anything else I need to configure in the Linux kernel in order to activate ecryptfs support? The menuconfig item did not give me any other option though.

Interestingly, I could mount a folder on the device with “-t ecryptfs” and properly decrypt a file in there, which I had previously encrypted on a host machine. So the ecryptfs service seems not necessary for the correct function of ecryptfs file system.

Many thanks,
Otmar

kevin.tx · May 2, 2022, 9:14am

Hi @Otmar ,

Thanks for the question. We’ll have a look and let you know as soon as possible.

Best Regards
Kevin

Otmar · May 2, 2022, 9:39am

Hello Kevin,

thank you for looking into the issue.

Actually, since I verified that ecryptfs appears to be working despite the failing service, its not an urgent issue. I wonder what purpose the service has and whether the service failing has any consequences for ecryptfs working correctly. However, if the service cannot be corrected to work properly I wouldn’t mind removing it at all.

Best regards,
Otmar

kevin.tx · May 5, 2022, 8:42am

Hi @Otmar ,

All right, I’ll check internally for additional information on the matter. I’ll let you know as soon as I have new information.

You mentioned that you would not mind removing it altogether?
Is the service (Ecryptfs) not needed in your application?

Best Regards
Kevin

Otmar · May 5, 2022, 9:05am

Hello Kevin,

I would not mind removing the service since it seems to have no influence on ecryptfs working or not.
I would like to keep ecryptfs working. And currently it does work, despite the service exiting with some failure. Thus I conclude the service is not really needed and could be removed if it cannot be corrected.
Best regards,
Otmar

kevin.tx · May 9, 2022, 9:52am

Hi @Otmar ,

All right, now I understand your intention.

I come back to you as soon as possible.

Best Regards
Kevin

kevin.tx · May 10, 2022, 9:47am

Hi @Otmar ,

It seems that your initial assumption was right. We reproduced it here and we can confirm that the service is not launched when an ecryptfs directory is mounted.

I would say so, if you face any unexpected behavior afterwards feel free to add it to this post here.

Best Regards
Kevin

Otmar · May 10, 2022, 11:38am

Hello Kevin,

thanks for looking into it and confirming.

Best regards,
Otmar