reg: Question on LUKS device's content exposure

Hi, thanks for creating and maintaining such amazing software!
I've a question regarding a mounted LUKS device's exposure. Suppose I bought a VPS from a provider (non-OpenVZ server) and the root file system, let's say /dev/sda, is unencrypted and that's where my OS is installed. Suppose I've created a LUKS device /dev/sdb1, which is within /dev/sda (and the mapper is located at /dev/mapper/sdb1_crypt), and I mounted /dev/mapper/sdb1_crypt into my rootfs tree at /mnt/sdb1_crypt_files, and the mount path is hot, meaning a process like a web server is writing/reading to it, or not hot at all. Suppose my VPS provider wants to view the contents of /mnt/sdb1_crypt_files: will they be able to mount the device file /dev/sda to view the contents at /dev/mapper/sdb1_crypt or /mnt/sdb1_crypt_files? Meaning, since /dev/mapper/sdb1_crypt, /dev/sdb1 or /mnt/sdb1_crypt_files are *within* the main or root /dev/sda, will they get access to the files which are within the LUKS device (and decrypted at /dev/mapper/sdb1_crypt) too? I do know that LUKS uses device mapper's abstraction to read/write data directly to the underlying /dev/sdb1 encrypted block device (encryption and decryption on the fly), but my understanding is too vague and I'm not sure if I'm even correct to begin with. I guess even if they mount /dev/sda, they'll only see an empty /mnt/sdb1_crypt? It'd be really nice if someone could explain this.

Thank you.
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
