#1 2020-03-28 00:00:56

graysky

Using fscrypt within a linux container (lxc) to encrypt a dir [solved]

I'd like to use fscrypt within an LXC to encrypt a directory therein. I'm finding that the user space util, fscrypt, does not like the fact that it is containerized. For example, I start the container and ssh into it:

# fscrypt setup
Defaulting to policy_version 2 because kernel supports it.
Customizing passphrase hashing difficulty for this system...
Created global config file at "/etc/fscrypt.conf".
[ERROR] fscrypt setup: /: not a mountpoint

Further:

% mkdir ~/test
% fscrypt encrypt ~/test
[ERROR] fscrypt encrypt: root of filesystem on device "/dev/nvme0n1p3" (259:3) is not visible in the current mount namespace

I was reading the lxc.container.conf man page and it seems I want to use a config option called lxc.hook.pre-mount but I am unclear on configuring it or if it's needed for this use-case.  I'd like to avoid having to encrypt this target outside of the container before I start it.

EDIT: https://github.com/google/fscrypt/issues/211

Last edited by graysky (2020-06-30 10:25:33)
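
A diagnostic for the second error above, added here as an example and not part of the original post or of fscrypt's own code: it reads the `root` field (4th column) of `/proc/self/mountinfo` to report whether any mount of a device exposes the filesystem's own root directory or only a subtree of it. That this field is what the error message reflects is an assumption; the sample mountinfo lines, mount IDs and the rootfs path are constructed, and only the device number 259:3 comes from the post.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo as it could look inside a
# container whose rootfs is a directory on the host filesystem.
# Fields (proc(5)): id parent major:minor root mountpoint options ... - fstype source superopts
SAMPLE_MOUNTINFO='523 410 259:3 /var/lib/lxc/test/rootfs / rw,relatime - ext4 /dev/nvme0n1p3 rw
524 523 0:52 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
525 523 0:53 / /dev rw,relatime - tmpfs none rw,size=492k,mode=755'

# check_device DEV [FILE]
#   DEV  is major:minor, e.g. 259:3
#   FILE defaults to /proc/self/mountinfo; "-" reads standard input
# Prints one line and returns:
#   0  "visible: <mountpoints>"       some mount has root field "/"
#   1  "subtree-only: <root->mp>"     device is mounted, but only subdirectories
#   2  "not-mounted"                  device does not appear in this namespace
check_device() {
    awk -v dev="$1" '
        $3 == dev && $4 == "/" { full = full " " $5 }
        $3 == dev && $4 != "/" { part = part " " $4 "->" $5 }
        END {
            if (full != "") { print "visible:" full; exit 0 }
            if (part != "") { print "subtree-only:" part; exit 1 }
            print "not-mounted"; exit 2
        }' "${2:-/proc/self/mountinfo}"
}

# Demo on the constructed sample: the container's "/" is a subtree of 259:3.
printf '%s\n' "$SAMPLE_MOUNTINFO" | check_device 259:3 - || true
```

Inside the container, `check_device 259:3` with no file argument runs the same check against the live mount namespace.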