Not mounting encrypted partition without sudo

[aetios]

On my laptop running Arch ( kernel 4.14.4-1-ARCH ) I can't mount my LUKS-encrypted partition on a USB drive without running udiskie as sudo. I do get prompted for the device password, but other than unlocking, udiskie does nothing. If I run with sudo, everything works as expected. Terminal output:

aetios@anko: ~
>> udiskie     
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged. 
mounted /org/freedesktop/UDisks2/block_devices/sdd2 on /run/media/aetios/48bc7d7e-804d-44a5-9fc2-d324245ed265  
failed to mount /org/freedesktop/UDisks2/block_devices/dm_2d1: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation 
unlocked /org/freedesktop/UDisks2/block_devices/sdd1 
^C
aetios@anko: ~  
>> sudo udiskie
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.     
mounted /org/freedesktop/UDisks2/block_devices/sdd2 on /run/media/root/48bc7d7e-804d-44a5-9fc2-d324245ed265
mounted /org/freedesktop/UDisks2/block_devices/dm_2d1 on /run/media/root/b216e6ed-d1b9-4293-bafc-3c3f4e31afff
unlocked /org/freedesktop/UDisks2/block_devices/sdd1
^C

I am launching udiskie from my .xinitrc with the line udiskie &.

On my desktop (XFCE4, launching udiskie -t with xfce autostart rules), I have no issues; the volume unlocks and mounts properly as expected.

I'm sure I'm doing something wrong, but I can't figure out what. Posting here because this might actually be a udiskie issue?

[coldfix]

Hi,

did you check https://github.com/coldfix/udiskie/wiki/Permissions ?

Best, Thomas

[aetios]

Thanks for the quick reaction. Please bear with me while I clumsily try to edit my issue. ^^' I will check the Permissions page!

[aetios]

Hi, I just added the polkit rules and added myself to the storage group just to be sure. That did not work. I should probably mention two more things:

• the regular partition on the USB stick is actually being mounted
• if I restart udiskie after I unlock the device, it properly mounts the partition.

I'm especially confused because it works properly on my desktop.

Update: I just cross-checked on desktop. It asks me for a root password when udiskie tries to mount it. My laptop does not, so that's probably the direction I should be looking into.

I'm a little puzzled why it would ask for my root password when we are mounting instantly after unlocking, and not when I restart udiskie after unlocking the partition.

[coldfix]

Hi,

on reading a second time more thoroughly your issue:

I am encountering problems with udisks2 delaying permissions as well (dating back couple of weeks). Everything works if retrying to mount a few seconds after unlocking. It seems that udisks2 changes permissions too late, Also, if you install the polkit-gnome package and start /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 &, it asks for sudo password if trying to mount immediately after unlocking. If trying later, it works without password.

Can you confirm this is the same issue? (I will have to open an issue on the udisks2 tracker, as this will be affecting many others presumably)

Best, Thomas

[aetios]

Installing polkit-gnome and running /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 & indeed gives me a sudo password prompt (on desktop I already have a polkit daemon running and attempting to start the gnome variant gives me an error).

Judging from the log:

failed to mount /org/freedesktop/UDisks2/block_devices/dm_2d1: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation 
unlocked /org/freedesktop/UDisks2/block_devices/sdd1 

as in the first post (which I edited, again, by the way... sorry for being such a derp! -_-;;), it does kinda look like the unlock happens after the mount attempt. I'm not sure if this is just from the way udiskie logs or that this is indeed what is happening.

In that case, maybe a temporary workaround might be to just sleep a few seconds until udisks2 changes permissions, although I will immediately admit that that is not an optimal solution.

On a half-related note, I noticed that udiskie-mount only unlocks my LUKS device and does not try to mount it, even on repeated attempts: I just get the line not unlocking /path/to/device/: already unlocked. Unless this is intended behaviour, I should probably open another issue for that?

Thanks for taking your time with me!

[coldfix]

Seems to be the same issue.

it does kinda look like the unlock happens after the mount attempt.

No, it's just logged after for technical reasons, but the mount attempt only happens as result of being notified by udisks that the unlocking was successfull and a new block device with a filesystem on it has appeared.

In that case, maybe a temporary workaround might be to just sleep a few seconds until udisks2 changes permissions, although I will immediately admit that that is not an optimal solution.

Yes, I tried that and it seems to work. I will add it as temporary hack, but this is definitely broken and unreliable.

On a half-related note, I noticed that udiskie-mount only unlocks my LUKS device and does not try to mount it, even on repeated attempts

Unless you passed the -r flag, this is intentional (it will normally rely on udiskie automount if udiskie is active in the background). Use udiskie-mount -r DEVICE if you have no udiskie process in the background.

[aetios]

Alright that clears things up! Best of luck in getting the issue fixed :)

[coldfix]

Forwarded to udisks issue tracker: storaged-project/udisks#473.

I'll keep it open for now.

[coldfix]

Note that the workaround will be available in 1.7.3 but I'll keep this issue open until a proper fix is available.

[coldfix]

decided to close it anyway since there is nothing else that can be done in udiskie.

[aetios]

Just chiming in to say that the workaround worked a charm. It's not a hack if it works, right? :P