From: Adam Vande More
To: Tim Gustafson
Cc: freebsd-questions@freebsd.org
Date: Wed, 30 Jun 2010 20:50:06 -0500
Subject: Re: fusefs-cryptofs vs fusefs-cryptofs

On Wed, Jun 30, 2010 at 12:02 PM, Tim Gustafson wrote:

> > On FreeBSD, this is spelled GELI (or GBDE, but I think geli is
> > slightly better). Native filesystem level encryption -- rather
> > more efficient than something like fuse, needs no extra software
> > installed, very secure.
>
> Sorry, I should have been more specific:
>
> This is in the context of a jailed system. So, the encrypted file system
> must be creatable, configurable, mountable and unmountable entirely from
> within a jail.

I use file backed GELI fs in this manner. Of course you can script it
yourself, but I find the ez-jail handles my requirements perfectly. See the
Eli section

http://www.freebsd.org/cgi/man.cgi?query=ezjail-admin&sektion=1&apropos=0&manpath=FreeBSD+8.0-RELEASE+and+Ports

If you want it to be a separate fs, you'll need to customize I believe.

--
Adam Vande More
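
A sketch of scripting a file-backed GELI volume by hand, as an added example that is not part of the original message and is not ezjail's code. The image path, size, mount point and function names are assumptions, and the commands are assumed to run as root on a FreeBSD host with GELI available.

```shell
#!/bin/sh
# Added example: lifecycle of a file-backed GELI volume on FreeBSD.
# Function names and arguments are hypothetical, chosen for illustration.
# DRY_RUN=1 (the default) only prints each command; DRY_RUN=0 executes it.
: "${DRY_RUN:=1}"

run() {
    # Print the command, then execute it unless this is a dry run.
    echo "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

geli_image_create() {   # usage: geli_image_create IMAGE SIZE MOUNTPOINT
    img=$1 size=$2 mnt=$3
    run truncate -s "$size" "$img" || return 1     # sparse backing file
    run chmod 600 "$img" || return 1               # ciphertext, but keep it private
    if [ "$DRY_RUN" = 1 ]; then
        md=mdN                                     # placeholder unit for the dry run
        echo "+ mdconfig -a -t vnode -f $img"
    else
        md=$(mdconfig -a -t vnode -f "$img") || return 1   # prints e.g. md0
    fi
    run geli init -s 4096 "/dev/$md" || return 1   # prompts for a new passphrase
    run geli attach "/dev/$md" || return 1         # creates /dev/$md.eli
    run newfs -U "/dev/$md.eli" || return 1        # UFS on the decrypted provider
    run mount "/dev/$md.eli" "$mnt"
}

geli_image_close() {    # usage: geli_image_close MD_NAME MOUNTPOINT
    md=$1 mnt=$2
    run umount "$mnt" || return 1
    run geli detach "$md.eli" || return 1          # removes the .eli provider
    run mdconfig -d -u "${md#md}"                  # releases the memory disk
}
```

After `geli_image_close`, only the encrypted image file remains on disk; reopening it needs `mdconfig -a`, `geli attach` and `mount` again, without `geli init` or `newfs`.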