Date: Wed, 30 Jun 2010 19:07:34 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Tim Gustafson <tjg@soe.ucsc.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: fusefs-cryptofs vs fusefs-cryptofs
Message-ID: <4C2B87E6.7020501@infracaninophile.co.uk>
In-Reply-To: <1832862951.338331277917345049.JavaMail.root@mail-01.cse.ucsc.edu>
References: <1832862951.338331277917345049.JavaMail.root@mail-01.cse.ucsc.edu>

On 30/06/2010 18:02:25, Tim Gustafson wrote:
>> On FreeBSD, this is spelled GELI (or GBDE, but I think geli is
>> slightly better).  Native filesystem level encryption -- rather
>> more efficient than something like fuse, needs no extra software
>> installed, very secure.
>
> Sorry, I should have been more specific:
>
> This is in the context of a jailed system.  So, the encrypted file
> system must be creatable, configurable, mountable and unmountable
> entirely from within a jail.

Hmmm...  There are various controls that affect being able to mount or
unmount filesystems within jails.  See the 'allow.mount' item in jail(8).

In principle you should be able to create a file-backed metadevice
(mdconfig(8)), configure it with geli encryption, create a filesystem on
it and mount it within a jail.  In practice, I haven't tried this, so no
real idea if it works or not.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW