#1 2014-10-05 20:10:03

davermont
Member
Registered: 2014-09-07
Posts: 21

PAM mount with LVM on LUKS on LVM

I'm hoping someone can help me in figuring out how to get pam_mount to mount my encrypted LVM home volume, which lives in an encrypted LVM volume group inside a LUKS container. lsblk shows this after the LUKS container is open:

sda
|- sda1
`- sda2
  |- volumegroup-rootvol
  |- volumegroup-swapvol
  |- volumegroup-varvol
  `- volumegroup-encryptvol
     `- lukscontainer
        `- cryptovolumegroup-myhomevol

On login the last two lines, lukscontainer and below, aren't shown because I have to run the following to open the LUKS container and mount the home volume:

# cryptsetup open --type luks --allow-discards /dev/mapper/volumegroup-encryptvol lukscontainer
# mount -o noatime,discard /dev/mapper/cryptovolumegroup-myhomevol /home/username

This is what I currently have in my /etc/security/pam_mount.conf.xml:

<lclmount>mount -o rw,noatime,discard,data=ordered /dev/mapper/cryptovolumegroup-myhomevol /home/username</lclmount>
<volume user="username" fstype="auto" path="/dev/mapper/cryptovolumegroup-myhomevol" mountpoint="/home/username" options="rw,noatime,discard,data=ordered" />
<mkmountpoint enable="1" remove="true" />

Frankly, I'm at a loss as to what my /etc/security/pam_mount.conf.xml should look like to effectively mount my home on login. Anyone really know what they're doing here? I'm afraid that my use case may not even be something that pam_mount is capable of.

Thanks,
D
