helper program to set up block device for mount?

Hi,

I'm currently wondering what's the best way to retain the comfort
mount offers for cryptoloop when using dm-crypt instead. With
cryptoloop one can specify all crypto options in fstab and mount
itself sets up the loop device. Therefore by also adding the 'user'
option unprivileged users are able to mount encrypted partitions.
With dm-crypt there is currently no way for unprivileged users to
mount partitions at run time, one has to let the init script that
processes /etc/crypttab do the work during boot.

Several people offer scripts that abuse mount's feature to call a
custom helper program for unknown file systems, like
/bin/mount.dmcrypt. That's ugly as one has to specify the real fs in
the options column. Tools like fsck won't recognize that.
There is also this patch
http://people.redhat.com/kzak/util-linux-cryptsetup/util-linux-2.13-pre6-cryptsetup.patch
which utilizes libcryptsetup. Both methods have the disadvantage
that one needs to specify all crypto options in fstab then.

IMO the crypto options should stay in /etc/crypttab and /etc/fstab
should only list the mount options. Since there are already means to
process /etc/crypttab mount does not need to do that itself. So what
about adding support for an fstab option that specifies a helper
program to set up the real block device? I'd imagine something like
this in fstab:

/dev/sdc1 /bar ext2 noauto,user,bhelper=/sbin/crypttabhelper 0 0

/etc/crypttab:
foo /dev/sdc1 none cipher=twofish-cbc-plain,size=256,hash=sha512,itercountk=100,noauto

mount would then call "/sbin/crypttabhelper /dev/sdc1". The helper
parses /etc/crypttab, sets up the device mapper target and prints
the created block device to stdout, for example /dev/mapper/foo.
mount then actually needs to mount /dev/mapper/foo instead of
/dev/sdc1. I.e. quite similar to how the loop option works.

Does anyone have an opinion on that? Does any distro maybe already
ship with a method to allow unprivileged users to manually set up and
mount dm-crypt stuff?

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
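
The lookup step of the helper proposed in the mail, as an added example that is not part of the original message or of util-linux: given the device from fstab, it accepts only a device listed in crypttab and returns the /dev/mapper path mount would use. The names crypttab_lookup, name_is_safe and SAMPLE_CRYPTTAB are hypothetical, the crypttab text is a constructed sample, and the dm-crypt setup itself is left out.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the crypttab layout from the mail:
 * name, source device, key file, options. */
static const char SAMPLE_CRYPTTAB[] =
    "# constructed sample\n"
    "foo /dev/sdc1 none cipher=twofish-cbc-plain,size=256,hash=sha512,noauto\n"
    "../evil /dev/sdd1 none cipher=aes-cbc-plain\n";

/* The mapping name becomes a path component under /dev/mapper, so reject
 * anything that could point outside that directory. */
static int name_is_safe(const char *name)
{
    return name[0] != '\0' && name[0] != '.' && strchr(name, '/') == NULL;
}

/* Hypothetical helper core: find the entry whose source device is exactly
 * `source` and write "/dev/mapper/<name>" to `out`. Returns 0 on success,
 * -1 if the device is not listed, the name is unsafe or `out` is too small. */
int crypttab_lookup(const char *tab, const char *source, char *out, size_t outlen)
{
    char line[512], name[128], dev[256];
    const char *p = tab;
    while (*p) {
        size_t n = strcspn(p, "\n");
        if (n < sizeof(line)) {            /* over-long lines are skipped */
            memcpy(line, p, n);
            line[n] = '\0';
            if (line[0] != '#' && sscanf(line, "%127s %255s", name, dev) == 2
                && strcmp(dev, source) == 0) {
                int w;
                if (!name_is_safe(name))
                    return -1;
                w = snprintf(out, outlen, "/dev/mapper/%s", name);
                return (w > 0 && (size_t)w < outlen) ? 0 : -1;
            }
        }
        p += n + (p[n] == '\n');           /* step past the newline, if any */
    }
    return -1;
}

int main(int argc, char **argv)
{
    char path[256];
    if (argc != 2 || crypttab_lookup(SAMPLE_CRYPTTAB, argv[1], path, sizeof path))
        return 1;
    puts(path);                            /* the device mount should use */
    return 0;
}
```

Because the crypto options come only from the root-owned table, an unprivileged caller can choose which listed device to open but not how it is opened.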

