>> 1) Is 'secure use of cryptsetup by non-root' a supported use case? > It would be interesting to read an explanation of how you think that *direct* use of 'cryptsetup' by users, ... could be "secure", .... Are you asking for justification for why this is a valid use case or asking about the technical limitations for said use case? For the latter, that's what we are discussing. Allowing non root access to encrypted storage may take a lot of work but since this and upstream limitations are open source we could make it happen. To do that requires understanding, discussion, planning, etc.--even if I end up doing it all myself. The use case is END USER + ENCRYPTION. cryptsetup, LUKS, device mapper are means to that end. Direct use of cryptsetup is only 1 possible path. Just in case you are asking the former: allowing non root users secure access to 'features' is generally a way to avoid something like the windows security model where almost everything has to be run as admin to get anything done. -- JT _______________________________________________ dm-crypt mailing list -- dm-crypt@xxxxxxxx To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
