From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x42a.google.com (mail-wr1-x42a.google.com [IPv6:2a00:1450:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sun, 26 Jul 2020 20:41:45 +0200 (CEST) Received: by mail-wr1-x42a.google.com with SMTP id r4so9766941wrx.9 for ; Sun, 26 Jul 2020 11:41:45 -0700 (PDT) References: From: Milan Broz Message-ID: <856e3a4a-7381-88f2-c5e2-b938292c788c@gmail.com> Date: Sun, 26 Jul 2020 20:41:43 +0200 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Attaching loopback device failed List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Fourhundred Thecat <400thecat@gmx.ch>, dm-crypt@saout.de On 26/07/2020 20:23, Fourhundred Thecat wrote: > Hello, > > I have both luks headerand key in files > > # ls > LUKS-HEADER key > > the directory is read-only (chattr -R +i .) > > When I try to luksOpen my paretition, I get following error: > > # cryptsetup --allow-discards luksOpen /dev/sda2 sda2 --header > LUKS-HEADER --key-file key > Attaching loopback device failed (loop device with autoclear flag is > required). > Device LUKS-HEADER doesn't exist or access denied. > > when I change the current directory to read-write (chattr -R -i .) then > it works. > > But why does cryptsetup need luks header and key to be writable ? It should not. Can you run the command with --debug and post the output? Does it work if you activate it with read-only flag (--readonly / -r)? Fopr these reports, we always need version (kernel, utility, crypto backend etc), debug output should include all these versions. Milan