> 1) Is 'secure use of cryptsetup by non-root' a supported use case? It would be interesting to read an explanation of how you think that *direct* use of 'cryptsetup' by users, instead of through something like 'sudo' or by request to a daemon running as 'root', could be "secure", given that there are two cases: * The DM block device is not going to be used as a filesystem container, but as if it was a file, and then there is no big reason to use DM at all but perhaps in some special cases. * The DM block device is going to be mounted as a filesystem, and thus user can put into it any inodes they want, such as for 'root'-setuid executables or arbitrary device special files, and then the whole system security is compromised. _______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
