From: Robert Simmons
To: freebsd-hackers@freebsd.org
Date: Mon, 5 Mar 2012 10:28:04 -0500
Subject: Re: Where and when /etc/fstab is checking during boot
In-Reply-To: <20120305101429.59f23f86@ernst.jennejohn.org>

On Mon, Mar 5, 2012 at 4:14 AM, Gary Jennejohn wrote:
> On Sun, 4 Mar 2012 19:32:36 -0500
> Robert Simmons wrote:
>
>> I've just finished working through building a FreeBSD box with an
>> encrypted root partition as mentioned in the geli(8) man page: "Ask
>> for the passphrase on boot, before the root partition is mounted.
>> This makes it possible to use an encrypted root partition. One will
>> still need bootable unencrypted storage with a /boot/ directory, which
>> can be a CD-ROM disc or USB pen-drive, that can be removed after
>> boot."
>>
>> I've noticed something quite interesting about the way that fstab is
>> read during boot. If you follow the instructions exactly as they are
>> written in the geli(8) man page you soon discover that you also must
>> have an /etc/fstab file in that same unencrypted partition. But this
>> need not be the complete fstab file. It only needs to have the one
>> line that describes /.
>>
>> Later, after the encrypted partition is mounted, the /etc/fstab inside
>> the encrypted partition is then read and all other partitions listed
>> in fstab are mounted as written there.
>>
>> I've tested this by putting empty fstabs and fstabs with just the line
>> for / in both locations and booting to see what happens.
>>
>> Is this the correct behavior? Shouldn't the fstab file be read
>> completely once and not twice?
>>
>
> man 5 fstab
>
> It isn't explicitly stated, but implied, that fsck(8), mount(8) and
> umount(8) parse fstab every time they're invoked.
>
> It's a feature.

Got it. I will submit a patch for the geli(8) man page to include that
/etc/fstab needs to exist on the unencrypted volume as well as /boot
for an encrypted root partition to work properly (as I have gathered
through trial and error).
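
A pre-reboot check for the layout described in this message, added here as an example and not part of the original thread: it confirms that the unencrypted boot volume carries an /etc/fstab with an entry for /, and, as an added consistency check that goes beyond what the thread states, that it names the same device as the copy inside the encrypted root. The function names, mount points and device names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Device names and mount points used with
# it are constructed placeholders.

# root_entry FSTAB: print the device field of the first entry whose mount
# point is "/". Exit status 1 if the file has no such entry.
root_entry() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }      # skip comments, blank and short lines
        $2 == "/" { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_boot_fstab BOOTROOT [ENCROOT]
#   BOOTROOT: where the unencrypted boot volume is mounted
#   ENCROOT:  optional, where the decrypted root is mounted
# Returns 0 ok, 1 boot fstab missing, 2 boot fstab has no "/" entry,
# 3 the two copies name different devices for "/" (added consistency check).
check_boot_fstab() {
    boot_fstab="$1/etc/fstab"
    [ -f "$boot_fstab" ] || { echo "missing: $boot_fstab" >&2; return 1; }
    boot_dev=$(root_entry "$boot_fstab") ||
        { echo "no / entry in $boot_fstab" >&2; return 2; }
    if [ -n "${2:-}" ] && [ -f "$2/etc/fstab" ]; then
        enc_dev=$(root_entry "$2/etc/fstab") || enc_dev=""
        if [ -n "$enc_dev" ] && [ "$enc_dev" != "$boot_dev" ]; then
            echo "/ differs: boot=$boot_dev encrypted=$enc_dev" >&2
            return 3
        fi
    fi
    echo "$boot_dev"
}

# demo: build constructed sample trees in a temp dir and run the check.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/boot/etc" "$d/enc/etc"
    printf '/dev/da0s1a.eli\t/\tufs\trw\t1\t1\n' > "$d/boot/etc/fstab"
    printf '# full table\n/dev/da0s1a.eli / ufs rw 1 1\n/dev/da0s1d.eli /usr ufs rw 2 2\n' \
        > "$d/enc/etc/fstab"
    check_boot_fstab "$d/boot" "$d/enc"; rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On success the function prints the device that the boot volume's fstab names for /; each failure has its own return code so the check can gate a reboot script.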