Date: Wed, 30 Jun 2010 19:07:34 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Tim Gustafson <tjg@soe.ucsc.edu> Cc: freebsd-questions@freebsd.org Subject: Re: fusefs-cryptofs vs fusefs-cryptofs Message-ID: <4C2B87E6.7020501@infracaninophile.co.uk> In-Reply-To: <1832862951.338331277917345049.JavaMail.root@mail-01.cse.ucsc.edu> References: <1832862951.338331277917345049.JavaMail.root@mail-01.cse.ucsc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 30/06/2010 18:02:25, Tim Gustafson wrote:
>> On FreeBSD, this is spelled GELI (or GBDE, but I think geli is
>> slightly better). Native filesystem level encryption -- rather
>> more efficient than something like fuse, needs no extra software
>> installed, very secure.
>
> Sorry, I should have been more specific:
>
> This is in the context of a jailed system. So, the encrypted file
> system must be creatable, configurable, mountable and unmountable
> entirely from within a jail.
Hmmm... There are various controls that affect being able to mount or
unmount filesystems within jails. See the item on 'allow.mount' item in
jail(8).
In principle you should be able create a file-backed metadevice
(mdconfig(8)), configure it with geli encryption, create a filesystem on
it and mount it within a jail. In practice, I haven't tried this, so no
real idea if it works or not.
Cheers,
Matthew
- --
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew@infracaninophile.co.uk Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkwrh+YACgkQ8Mjk52CukIxjbwCeK6FrNy6zsd1N8j4TYQUBx7Sw
yLgAnia5pPxo2x2lJyn8msh5KD7CjNCF
=La8N
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C2B87E6.7020501>