This patch allows dm-crypt to create loop mappings in conf.d/cryptfs.

1. Create a file, encrypt it, mkfs, mount, e.g.

   # dd if=/dev/zero of=/mnt/crypt/home bs=1024 count=20000000   (20 gig file)
   # losetup /dev/loop0 /mnt/crypt/home
   # cryptsetup -y -c serpent -s 256 create home-crypt /dev/loop0   (create/enter password)
   # mkfs.xfs /dev/mapper/home-crypt
   # mount -o rw,noatime,nodev,nosuid,quota /dev/mapper/home-crypt /home
   (test it)
   # umount /home

   (add fstab entry)
   /dev/mapper/home-crypt /home xfs noatime,nodev,nosuid,quota,rw 0 2

2. Add to conf.d/cryptfs. This is pretty much like any other mount, with one extra setting (loop_file=). e.g.,

   mount='home-crypt'
   source='/dev/loop0'
   options='-c serpent -s 256'
   loop_file='/mnt/crypt/home'

3. Assuming the file was set up correctly in the first place, the scripts will handle the rest. Specifically:

   - checkfs was modified to parse for loop_file and set up the loop device(s).
   - localmount was modified so that it doesn't complain about loop_file syntax.
   - halt.sh was modified to remove the loops after taking down the dm-crypt maps.
   - conf.d/cryptfs was modified with comments to show an example loop mount.
Created attachment 45403 [details, diff] rc-scripts-1.6.7 patch v1
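As an added example (not code from the patch or from rc-scripts), a POSIX sh dry run that reads conf.d/cryptfs-style stanzas carrying the loop_file= setting, checks that the loop file path is absolute, and prints the setup commands in the order checkfs needs them and the teardown commands in the order halt.sh needs them (map removed before the loop is detached); the config content is constructed and nothing is executed.

```shell
# Added example, not code from the rc-scripts patch: turn conf.d/cryptfs
# stanzas into loop setup / teardown commands. Nothing is executed.

# Constructed sample config: one stanza per mapping, mount= starts a stanza.
SAMPLE_CONF="mount='home-crypt'
source='/dev/loop0'
options='-c serpent -s 256'
loop_file='/mnt/crypt/home'
mount='data-crypt'
source='/dev/sdb2'
options='-c aes -s 256'"

# Value of key='...' inside a flattened stanza (empty if the key is absent).
conf_value() {
    printf '%s\n' "$1" | sed -n "s/.*$2='\([^']*\)'.*/\1/p"
}

# Setup for one stanza: loop_file must be absolute and exist before losetup
# attaches it; only then is the dm-crypt map created on top of the loop.
setup_cmds() {
    s_m=$(conf_value "$1" mount); s_src=$(conf_value "$1" source)
    s_opts=$(conf_value "$1" options); s_lf=$(conf_value "$1" loop_file)
    if [ -n "$s_lf" ]; then
        case $s_lf in
            /*) ;;
            *) echo "error: loop_file '$s_lf' is not absolute" >&2; return 1 ;;
        esac
        echo "test -f '$s_lf' || exit 1"
        echo "losetup '$s_src' '$s_lf'"
    fi
    echo "cryptsetup $s_opts create '$s_m' '$s_src'"
}

# Teardown reverses it (halt.sh order): remove the map, then detach the loop.
teardown_cmds() {
    t_m=$(conf_value "$1" mount); t_src=$(conf_value "$1" source)
    echo "cryptsetup remove '$t_m'"
    if [ -n "$(conf_value "$1" loop_file)" ]; then echo "losetup -d '$t_src'"; fi
}

# Walk a whole config: collect each stanza, then emit its setup commands.
plan() {
    entry=
    while IFS= read -r l; do
        case $l in
            mount=*) if [ -n "$entry" ]; then setup_cmds "$entry"; fi; entry=$l ;;
            ?*) entry="$entry $l" ;;
        esac
    done <<EOF
$1
EOF
    if [ -n "$entry" ]; then setup_cmds "$entry"; fi
}
```

Run `plan "$SAMPLE_CONF"` to see the checkfs-side sequence for the sample; a relative loop_file makes setup_cmds fail instead of emitting a losetup line.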
I'm not interested in testing this. I can't see why people would use a loopback filesystem under a dm-crypt mapping. However, from my brief scan of the patch it looks fine to me, if that counts for anything. I'd really like a note added to the example config that there is no requirement to use any loop mounts at all to make use of dm-crypt.
You can't see why someone would use a loop under dm-crypt?

1. someone needs to encrypt parts of an existing filesystem, and
2. can't fdisk for whatever reason and just use a raw device

perhaps most importantly,

3. cryptoloop has been broken/unmaintained since 2.6.8.

I use dm-crypt both ways, and believe it is intuitively obvious that you don't have to use loops to use dm-crypt. Anyone who has gotten far enough along to be configuring conf.d/cryptfs has used cryptsetup, so we don't need to spell it out for them.
Created attachment 45440 [details, diff] rc-scripts-1.6.7 patch v2 fix to typo in localmount
now in cvs, thanks guys
Hi, I noticed but forgot to mention (and tell me if this should be another bug, because I'll open it), that this setup won't help with loopback files not stored on root. Since mounting/setup of the systems is done during the checkfs phase, a directory such as /home may not have been mounted. If there's a loopback filesystem on there, then at boot time it won't be found and won't be automatically mounted. After it gets to the localmount section it doesn't actually do any mounting... I don't entirely know how to fix this, since it may be that some loopback systems contain other areas to be mounted. It looks like it may need some kind of sort to figure out the order to mount everything in. Anyway, for the time being at least, loopback systems must be stored on a device that is already mounted by the time checkfs runs... Hope this is of some help, even though it's a bit late... Mike 5:)
m.auty: Yeah, that will need to be a new bug (enhancement) to address those other use cases. I will be happy to test it if you work up a patch. vapier: cheers