~derf / interblag / entry / Using cryptsetup / LUKS2 on SSHFS images

Occasionally, I need to open remote LUKS2 images (i.e., files) that I access via SSHFS. This used to work just fine: mount an sshfs, run cryptsetup luksOpen and access the underlying filesystem. However, a recent cryptsetup upgrade introduced (or changed?) its locking mechanism. Now, before opening an image file, it tries to aqcuire a read lock, which will fail with ENOSYS (Function not implemented) on sshfs mountpoints. This, in turn, causes cryptsetup to report "Failed to acquire read lock on device" and "Device ... is not a valid LUKS device.".

There doesn't seem to be a simple way of disabling this (admittedly, in 99% of cases desirable) feature, so for now I'm working around it by just having flock always return success, thanks to the magic of LD_PRELOAD and a flock stub:

#include <sys/file.h>

int flock(int fd, int operation)
{
    return 0;
}

Compile as follows:

> ${CC} -O2 -Wall -fPIC -c -o ignoreflock.o ignoreflock.c
> ${CC} -fPIC -O2 -Wall -shared -Wl,-soname,ignoreflock.so.0 -o ignoreflock.so.0 ignoreflock.o -ldl

And then call LD_PRELOAD=..../ignoreflock.so.0 cryptsetup luksOpen ... (or sudo env LD_PRELOAD=..../ignoreflock.so.0 cryptsetup luksOpen ...). ignoreflock provides a handy stub, Makefile and wrapper script for this.