On 5/23/06, Marc Schwartz <MSchwartz@xxxxxxxxx> wrote:
> > I figured out that I can log on as root and still be able to unmount
> > /home to encrypt it, but then what do I need to do in order to mount it
> > during boot? It gets mounted (I think) well before /etc/rc.d/rc.local
> > is run, which is where /sbin/luksopen is being launched. So, because
> > the partition is encrypted but not mapped, the boot process is abruptly
> > halted.
> >
> > Can you shed some light on this problem?
>
> I am going to guess that you have not modified /etc/fstab so that the
> original partition mapping for /home is either removed or commented out.
> If not, then the system (via HAL) will attempt to mount the original
> /home partition at boot, which you of course don't want.

I actually did modify /etc/fstab by changing from /dev/vg0/home mounted on /home to new encrypted device /dev/mapper/home mounted on /home. Of course, because of this change, /home did not get mounted as expected, but then I encountered two new problems. (1) udev was failing during the boot. I have not read up on udev, so I don't understand the significance of this, but I know the boot stopped. (2) I am not being prompted by luksopen during the boot when udev did not fail (udev did not fail all the time).

By the way, is that the best way to encrypt /home? This is basically what I did: (1) log on as root, (2) userdel jmaher (/home/jmaher is getting wiped anyway), (3) unmount /home, (4) encrypt /home, (5) re-mount /home, (6) useradd -m jmaher. I used the following to encrypt:

    cryptsetup -y luksFormat /dev/vg0/home
    cryptsetup luksOpen /dev/vg0/home home

I'm still experimenting, but if you have any thoughts I welcome them.

> BTW, you should check on the same thing for the original swap partition,
> which will look something like:
>
> # /dev/shm /dev/shm tmpfs defaults 0 0
> # LABEL=SWAP-hdc7 swap swap defaults 0 0

I did modify the swap line in /etc/fstab from:

    /dev/vg0/swap swap swap defaults 0 0

to:

    /dev/mapper/swap0 swap swap defaults 0 0

but I was not aware that I needed to do anything with the tmpfs line. Should I still change that line? It appears that encrypted swap is functioning properly.

> Hope that this gets you back on track.

I'm getting close.

John