[systemd-devel] cryptsetup units are activated by default

Andrey Borzenkov arvidjaar at gmail.com
Fri Feb 11 22:11:06 PST 2011


Currently all encrypted disks found in crypttab are activated (by
adding WantedBy cryptsetup.target) unless cryptsetup contains noauto.

Unfortunately noauto is not even documented in the cryptsetup man page and
is unlikely to be present on any system. The standard behaviour, found
at least in RH-like init scripts, is to activate those encrypted
containers that are needed for file systems mounted on boot
(respectively, for those that are swap).

So after switching to systemd the user is suddenly presented with password
requests which (s)he never expected before. Nor are those password
requests necessary, as these encrypted containers may be opened only
on demand, not even every time the system is booted. And in the case of a shared
system the user may not even know the passwords for all units.

So removing the default WantedBy=cryptsetup.target results in the expected
(well, compatible) behaviour - the cryptsetup unit is implicitly pulled in
by the mountpoint (I have not tried swap but I assume it is the same) if
this mount point is auto-mounted on startup.

I think it should be the default by the "least surprise" principle and - if
needed at all - it is better to add "systemd_auto" or the like to
explicitly request startup.
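
Added example, not part of the original message and not systemd code: a small model of the two activation policies the post compares, run over constructed crypttab and fstab samples. It assumes fstab refers to mappings as /dev/mapper/<name> and that swap entries pull in their mapping the same way mounts do; all function names are hypothetical.

```python
# Added illustration; sample files below are constructed, not from the post.
CRYPTTAB = """\
# name      device     keyfile       options
cr_home     /dev/sda3  none          luks
cr_swap     /dev/sda4  /dev/urandom  swap
cr_backup   /dev/sdb1  none          luks
cr_archive  /dev/sdc1  none          luks,noauto
"""
FSTAB = """\
/dev/sda1              /        ext4  defaults  1 1
/dev/mapper/cr_home    /home    ext4  defaults  1 2
/dev/mapper/cr_swap    none     swap  sw        0 0
/dev/mapper/cr_backup  /backup  ext4  noauto    0 0
"""

def rows(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()

def options(fields):
    """Fourth column of crypttab/fstab as a set (empty if absent)."""
    return set(fields[3].split(",")) if len(fields) > 3 else set()

def parse_crypttab(text):
    return {f[0]: options(f) for f in rows(text)}

def boot_devices(fstab_text):
    """Devices that fstab mounts or swaps on at boot (no noauto option)."""
    return {f[0] for f in rows(fstab_text) if "noauto" not in options(f)}

def activated_all(crypttab):
    """Behaviour described in the post: every entry unless it carries noauto."""
    return {name for name, opts in crypttab.items() if "noauto" not in opts}

def activated_on_demand(crypttab, fstab_text):
    """Proposed behaviour: only mappings a boot-time mount or swap needs.
    Assumption: fstab refers to mappings as /dev/mapper/<name>."""
    devs = boot_devices(fstab_text)
    return {name for name in crypttab if "/dev/mapper/" + name in devs}

def extra_activations(crypttab_text, fstab_text):
    """Mappings opened at boot only because of the blanket default."""
    ct = parse_crypttab(crypttab_text)
    return sorted(activated_all(ct) - activated_on_demand(ct, fstab_text))

if __name__ == "__main__":
    print(extra_activations(CRYPTTAB, FSTAB))
```

In the sample, cr_backup is the container whose passphrase would be requested at boot even though its file system is marked noauto in fstab.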

