Being a fellow pilgrim in the Way of the Penguin, I can confirm the
exact same facts as Mr. Pellegrino on a clean install of Ubuntu Mate
16.04.

It appears that the swap partition is not actually encrypted at all.
Syslog shows that encryption failed, and "cryptsetup -v isLuks
/path/to/partition" shows it is not a LUKS partition. This is so no
matter which path to the swap partition I use, including:
/dev/disks/by-uuid/XXXX, the device shown by "grep /proc/swaps", or
/dev/mapper/cryptswap1.

Looking at /var/log/syslog, I see that cryptsetup failed because
/dev/urandom is not available. ("grep crypt /var/log/syslog" for
details.)

Further, I notice that poweroff.target is disabled. When I enable it
(systemctl enable poweroff.target), shutdown works as expected unless
the computer has resumed from suspend.

The workaround suggested by Mr. Pellegrino works, but of course that
means that swap is not encrypted, which is of course a security
vulnerability.

Here is my working theory: On boot-up, systemd tries to create an
encrypted swap, but when it cannot, systemd creates an unencrypted swap.
(Feature or bug? There would be competing considerations, so it is hard
to say.) After resume from suspend, which of course involves (on
suspend) writing RAM to swap and then (on resume) reading from swap to
RAM, the system thinks there should be an encrypted swap (because that's
what /etc/fstab and /etc/crypttab say), but can't find it and gets
confused when the time comes to shut down.

This being a security issue, it should be given attention.

** Changed in: systemd (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1594035

Title:
  unable to shut down the system after suspend / resume

Status in systemd package in Ubuntu:
  Confirmed

Bug description:
  In the case of a system that has gone through a suspend / resume
  cycle, the "shutdown now" command fails with the following output:

  $ shutdown now
  Failed to power off system via logind: Transaction is destructive.
  Failed to start poweroff.target: Interactive authentication required.
  See system logs and 'systemctl status poweroff.target' for details.
  Failed to open /dev/initctl: Permission denied
  Failed to talk to init daemon.

  ---

  $ systemctl status poweroff.target
  ● poweroff.target - Power-Off
     Loaded: loaded (/lib/systemd/system/poweroff.target; disabled; vendor preset:
     Active: inactive (dead)
       Docs: man:systemd.special(7)

  ---

  $ systemctl list-jobs
  JOB UNIT                                  TYPE  STATE  
  438 dev-mapper-cryptswap1.device          start running
  439 dev-mapper-cryptswap1.swap            start waiting
  436 systemd-cryptsetup@cryptswap1.service start running

  3 jobs listed.

  ---

  Steps to reproduce:

  1. Boot system
  2. User login to graphical session
  3. Close lid while on battery power triggering a suspend
  4. Open lid while on battery power triggering a resume
  5. Run "shutdown now" from a terminal. Note that the command must be run
     from the terminal to see output. Selecting "Shut Down..." from the
     system menu in the menu bar will hide the error output.
  6. Observe that the system fails to shut down

  Expected behavior:

  At step 6, the system should shut down gracefully.

  Note that the shutdown process works as expected if steps 3 and 4 are
  skipped. I suspect that something about the suspend / resume cycle
  during the session has an interaction effect with the shutdown
  process, preventing it from executing correctly.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: systemd 229-4ubuntu6
  ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
  Uname: Linux 4.4.0-24-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sat Jun 18 18:04:26 2016
  EcryptfsInUse: Yes
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 04f2:b550 Chicony Electronics Co., Ltd 
   Bus 001 Device 002: ID 8087:0a2a Intel Corp. 
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: System76, Inc. Lemur
  ProcEnviron:
   LANGUAGE=en_US
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-24-generic.efi.signed root=UUID=7aecd352-8a3f-4ce9-88b8-0fc048dc9660 ro quiet splash vt.handoff=7
  SourcePackage: systemd
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/29/2015
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 1.05.06RS76
  dmi.board.asset.tag: Tag 12345
  dmi.board.name: Lemur
  dmi.board.vendor: System76, Inc.
  dmi.board.version: lemu6
  dmi.chassis.asset.tag: No Asset Tag
  dmi.chassis.type: 10
  dmi.chassis.vendor: System76, Inc.
  dmi.chassis.version: N/A
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1.05.06RS76:bd11/29/2015:svnSystem76,Inc.:pnLemur:pvrlemu6:rvnSystem76,Inc.:rnLemur:rvrlemu6:cvnSystem76,Inc.:ct10:cvrN/A:
  dmi.product.name: Lemur
  dmi.product.version: lemu6
  dmi.sys.vendor: System76, Inc.
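
The comment above asks whether swap is really encrypted. The script below is an added example, not part of the bug report or of systemd. It checks the device-mapper layer rather than looking for a LUKS header, so it also recognises plain-mode dm-crypt mappings. Assumptions: cryptsetup mappings carry a device-mapper UUID starting with "CRYPT-"; the function names and fixture contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: is each active swap area backed by a dm-crypt mapping?
# Assumption: mappings created by cryptsetup (plain or LUKS) expose a
# device-mapper UUID starting with "CRYPT-" in /sys/block/dm-N/dm/uuid.

# swap_crypt_report [SWAPS_FILE] [SYSFS_BLOCK_DIR]
# Prints "<device> encrypted", "<device> PLAINTEXT" or "<path> FILE" for
# every swap area and returns 1 if any block device is plaintext.
swap_crypt_report() {
    swaps=${1:-/proc/swaps}
    sysblk=${2:-/sys/block}
    rc=0
    while read -r dev kind _rest; do
        case $dev in Filename|"") continue ;; esac   # header or blank line
        if [ "$kind" = "file" ]; then
            # Swap files inherit whatever protects their filesystem.
            echo "$dev FILE"
            continue
        fi
        # /dev/mapper/<name> is a symlink to /dev/dm-N; resolve it.
        real=$(readlink -f "$dev" 2>/dev/null) || real=$dev
        uuid_file="$sysblk/${real##*/}/dm/uuid"
        if [ -r "$uuid_file" ] && grep -q '^CRYPT-' "$uuid_file"; then
            echo "$dev encrypted"
        else
            echo "$dev PLAINTEXT"
            rc=1
        fi
    done < "$swaps"
    return "$rc"
}

# Constructed fixture (not real output): swaps.bad has swap on a raw
# partition, swaps.good has swap on a dm-crypt mapping.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sys/dm-0/dm"
    echo "CRYPT-PLAIN-cryptswap1" > "$dir/sys/dm-0/dm/uuid"
    printf 'Filename Type Size Used Priority\n%s partition 8269820 0 -1\n' \
        /dev/sda5 > "$dir/swaps.bad"
    printf 'Filename Type Size Used Priority\n%s partition 8269820 0 -1\n' \
        /dev/dm-0 > "$dir/swaps.good"
    echo "$dir"
}

# Demo on the constructed fixture; with no arguments the function reads
# /proc/swaps and /sys/block on the live system.
demo=$(make_fixture)
swap_crypt_report "$demo/swaps.bad" "$demo/sys" || echo "unencrypted swap is active"
rm -rf "$demo"
```

A non-zero return is suitable as a failing condition in a boot-time or post-resume health check.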
