From owner-freebsd-questions@FreeBSD.ORG Thu Jul 1 22:57:28 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AE16B1065670 for ; Thu, 1 Jul 2010 22:57:28 +0000 (UTC) (envelope-from amvandemore@gmail.com) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 5E9558FC20 for ; Thu, 1 Jul 2010 22:57:28 +0000 (UTC) Received: by vws6 with SMTP id 6so2283190vws.13 for ; Thu, 01 Jul 2010 15:57:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=mqT+Gjh+erXFw740dtWpFgCaYkeO+mYp3j1o4xRDCkE=; b=vV5+rO8jri/XYKXjVHFSJDlrej+6NOIq5PikSxrg94owL5xrqF/dVLZiLUGRa2Hzc4 TXjfP+rsGOnklOERLFADuixyn07VS3Yof+8e364ZRbVFuBmcwGplUORjAMjNxiPz9OE5 LtXgdCTIL2s4u4va5/zRB96dZi7vnmS371N4k= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=fKvJLnb7t/JpLWvzoqhoUipqwsMPzJbW9kiAsYb4obt1garw6sUa2RpTYS9it8E97A hRgXxr8wx9Ohn+DRNEkL7fD6L7eLqlxz/LAJ/Co2WlKlkIAItz4DhASaTOVfDNWSpYmH qYU/s8bDVoWCLileMkvCOd98Hu414AzY9AASQ= MIME-Version: 1.0 Received: by 10.229.240.212 with SMTP id lb20mr143012qcb.106.1278025047623; Thu, 01 Jul 2010 15:57:27 -0700 (PDT) Received: by 10.229.109.195 with HTTP; Thu, 1 Jul 2010 15:57:27 -0700 (PDT) In-Reply-To: <1256109284.365181278000846989.JavaMail.root@mail-01.cse.ucsc.edu> References: <1256109284.365181278000846989.JavaMail.root@mail-01.cse.ucsc.edu> Date: Thu, 1 Jul 2010 17:57:27 -0500 Message-ID: From: Adam Vande More To: Tim Gustafson Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: fusefs-cryptofs vs fusefs-cryptofs X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jul 2010 22:57:28 -0000 On Thu, Jul 1, 2010 at 11:14 AM, Tim Gustafson wrote: > > I use file backed GELI fs in this manner. Of course you > > can script it yourself, but I find the ez-jail handles my > > requirements perfectly. > > Thanks, I'll look into using GELI. I think if I do that, I'll have to > mount the file system in the host environment at boot time so that it can > prompt for the pass phrase properly, as there really isn't much of a > "console" for each jailed environment. The ezjail script includes the prompt for password when starting a jail. It prompts from the host console. My backup setup is also a file backed GELI fs mounted over sshfs. That's a manual config outside of ezjail One other thing to note is that performance isn't jaw dropping to say the least, but my setup is VM based and io speed isn't a large concern for me. Your performance results could easily be better than mine. -- Adam Vande More