You are not logged in.
I'd like to use fscrypt within a LXC to encrypt a directory therein. I'm finding that the user space util, fscrypt does not like the fact that it is containerized. For example, I start the container and ssh into it:
# fscrypt setup
Defaulting to policy_version 2 because kernel supports it.
Customizing passphrase hashing difficulty for this system...
Created global config file at "/etc/fscrypt.conf".
[ERROR] fscrypt setup: /: not a mountpoint
Further:
% mkdir ~/test
% fscrypt encrypt ~/test
[ERROR] fscrypt encrypt: root of filesystem on device "/dev/nvme0n1p3" (259:3) is not visible in the current mount namespace
I was reading the lxc.container.conf man page and it seems I want to use a config option called lxc.hook.pre-mount but I am unclear on configuring it or if it's needed for this use-case. I'd like to avoid having to encrypt this target outside of the container before I start it.
EDIT: https://github.com/google/fscrypt/issues/211
Last edited by graysky (2020-06-30 10:25:33)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline