OpenVZ Forum: Support » Truecrypt in OpenVZ

Home » General » Support » Truecrypt in OpenVZ

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Truecrypt in OpenVZ [message #25185]

Mon, 17 December 2007 08:41

RobinVossen
Messages: 36
Registered: November 2007

Member

Is there a way to install a On-the-Fly-Disk-Encryption program in a OpenVZ?
Since they need Kernel stuff.. (Not sure what or why)
id really love to run TrueCrypt or ScramDisk4Linux (SD4L)
http://www.scramdisklinux.org/
http://www.truecrypt.org/

Thanks already..
Any Document or How to or whatever will be really great..

Cheers,
Robin

Report message to a moderator

Re: Truecrypt in OpenVZ [message #25186 is a reply to message #25185]

Mon, 17 December 2007 08:44

kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia

Senior Member

I guess you can use CryptoFS (http://reboot.animeirc.de/cryptofs/) via FUSE, also makes sense to look at dm-crypt.

Kir Kolyshkin

http://static.openvz.org/userbars/openvz-developer.png

Report message to a moderator

Re: Truecrypt in OpenVZ [message #25194 is a reply to message #25185]

Mon, 17 December 2007 13:33

RobinVossen
Messages: 36
Registered: November 2007

Member

Thanks ^^
I tried dm-crypt since I cant really use the Fuse one Wink

But ok, Installed all.
Now I need to use it.
I did mount proc in my OpenVZ system (since it needs proc) and now I need to use /dev of the original system aswell.
is it save to mount that? And how to mount that?
Since I first have to use dm-setup to create a device so I did that and I got this:


1 / # dmsetup create sxb
/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.
Command failed

Im not sure I understand it but if I do I need:

dmsetup create <name>
0 <sector count> crypt <sector format> <key> <IV offset> <real device> <sector offset>
cryptsetup [<OPTIONS>] create <name> [<device>]
cryptsetup [<OPTIONS>] status <name> [<device>]

I hope I am right here?
I need to mount it only when the user wants to. So not when the system boots.

Cheers,
Robin

Report message to a moderator

Re: Truecrypt in OpenVZ [message #25199 is a reply to message #25194]

Mon, 17 December 2007 14:13

kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia

Senior Member

You can use vzctl set --devices/--devnodes to give a VE an access to /dev/mapper/control (and other devices that it needs). Still, I'm not sure it will work, and (more important) what the security consequences could be.

Thus I recommend to give FUSE-based thing a try.

Kir Kolyshkin

Report message to a moderator

Re: Truecrypt in OpenVZ [message #25201 is a reply to message #25199]

Mon, 17 December 2007 14:42

RobinVossen
Messages: 36
Registered: November 2007

Member

Thanks a lot Smile

Well I just cant use Fuse. Since we have some problems with that back in the past.
This looks just fine.
Only a pain to setup Wink

Since now I got:

dmsetup create sxb
device-mapper: version ioctl failed: Permission denied
Command failed

So I guess I have to find out what that means.
Anyhow thanks a lot Very Happy

Report message to a moderator

Previous Topic:	how can i update vzctl from 3.0.18 to 3.0.20
Next Topic:	Running kernel is not OpenVZ kernel.

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Wed Dec 10 03:53:23 GMT 2025

Total time taken to generate the page: 0.13303 seconds