I've got some of my personal folders, including 'Documents', encrypted as per the wiki. It all works fine from within the 64-bit environment, but from within my 32-bit chroot I cannot get at the data - the ~/private folder appears empty. I've tried installing ecryptfs-utils and keyutils in the chroot, to see if that helped, but I suspect I need to do something with mount points? If so, what? (I've currently got the eCryptFS mount point in the 64-bit /etc/fstab)
I figure the OP's long since had his question answered, but I thought I'd post this here for anyone else who, like me, was looking for the solution.
When mounting filesystems in the chroot, be sure to use the "rbind" option instead of "bind" for /home - that is, if you want your encrypted folders accessible. Bind only mounts the single target filesystem, while rbind mounts all filesystems in the tree.
I'm afraid it hadn't been answered!
I've got the following as /etc/rc.d/arch32, listed in /etc/rc.conf:
#!/bin/bash
# rc.d script: bind-mount host filesystems into the 32-bit chroot at /opt/arch32

. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
    start)
        stat_busy "Starting Arch32 chroot"
        # Plain bind mounts: each one carries only the named filesystem
        mount --bind /proc /opt/arch32/proc
        mount --bind /proc/bus/usb /opt/arch32/proc/bus/usb
        mount --bind /dev /opt/arch32/dev
        mount --bind /dev/pts /opt/arch32/dev/pts
        mount --bind /dev/shm /opt/arch32/dev/shm
        mount --bind /sys /opt/arch32/sys
        mount --bind /tmp /opt/arch32/tmp
        mount --bind /home /opt/arch32/home
        mount --bind /var/run /opt/arch32/var/run
        mount --bind /var/lib/dbus /opt/arch32/var/lib/dbus
        add_daemon arch32
        stat_done
        ;;
    stop)
        stat_busy "Stopping Arch32 chroot"
        # Nested mounts are unmounted before their parents
        umount /opt/arch32/proc/bus/usb
        umount /opt/arch32/proc
        umount /opt/arch32/dev/pts
        umount /opt/arch32/dev/shm
        umount /opt/arch32/dev
        umount /opt/arch32/sys
        umount /opt/arch32/tmp
        umount /opt/arch32/home
        umount /opt/arch32/var/run
        umount /opt/arch32/var/lib/dbus
        rm_daemon arch32
        stat_done
        ;;
    restart)
        "$0" stop
        sleep 1
        "$0" start
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
esac
exit 0
Changing 'mount --bind /home...' to '..--rbind' didn't make any difference, but is this maybe because I access the encrypted folders after this has happened?
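An added example, not written by anyone in this thread: a shell function that reads mountinfo-format text and lists every mount below the host's /home that has no counterpart below /opt/arch32/home, which is a direct way to check whether the eCryptfs mount is visible from the chroot. The function name, the user name `user` and the sample mount table are constructed for illustration; the paths /home and /opt/arch32/home come from the script above.

```shell
#!/bin/bash
# Added example, not from the thread.

# Print each mount below SRC ($1) that has no counterpart below DST ($2).
# Input is mountinfo-format text (see proc(5)) read from the file in $3,
# defaulting to /proc/self/mountinfo; "-" reads standard input.
# Field 5 is the mount point; the filesystem type is the first field
# after the "-" separator that ends the optional fields.
missing_submounts() {
    awk -v src="$1" -v dst="$2" '
        {
            fstype = "?"
            for (i = 7; i <= NF; i++)
                if ($i == "-") { fstype = $(i + 1); break }
            seen[$5] = 1
            # Remember mounts strictly below src, e.g. /home/user/private
            if (index($5, src "/") == 1) below[$5] = fstype
        }
        END {
            for (mp in below) {
                want = dst substr(mp, length(src) + 1)
                if (!(want in seen))
                    print mp " (" below[mp] ") -> missing at " want
            }
        }' "${3:-/proc/self/mountinfo}" | sort
}

# Constructed sample: /home bind-mounted into the chroot, with the
# eCryptfs mount present on the host side only.
sample_mountinfo() {
    cat <<'EOF'
20 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
31 20 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
45 31 0:40 / /home/user/private rw,relatime - ecryptfs /home/user/.Private rw
52 20 8:3 / /opt/arch32/home rw,relatime - ext4 /dev/sda3 rw
EOF
}

# Demo on the constructed sample; on a live system call
#   missing_submounts /home /opt/arch32/home
sample_mountinfo | missing_submounts /home /opt/arch32/home -
```

Empty output means every mount under /home also appears under the chroot's /home; run it after the encrypted folder has been mounted, since that is the state the chroot needs to see.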