device mapper inside VE [message #41369] |
Tue, 11 January 2011 11:12 |
jeanroch
Messages: 2 Registered: January 2011 Location: france
|
Junior Member |
|
|
hello,
I would like to encrypt an entire disk inside a VE with cryptsetup. But I didn't manage to use device mapper.
[root@sauvegarde ~]# dmsetup table /dev/vgr0/sauvegarde
/proc/devices: No entry for misc found
Is device-mapper driver missing from kernel?
/dev/mapper/control: open failed: Operation not permitted
Failure to communicate with kernel device-mapper driver.
Command failed
/proc/devices is empty and /dev/mapper/control is already present
[root@sauvegarde ~]# ll /dev/mapper/
total 0
crw-r----- 1 root root 10, 59 Jan 10 23:24 control
I have tried to give somes capability, but without success,
[root@storalca1 ~]# tail -2 /etc/vz/conf/48101.conf
DEVNODES="vgr0/sauvegarde:rw "
CAPABILITY="SYS_MODULE:on MKNOD:on "
kernel 2.6.32.25 with patch dzhanibekov (device mapper and dm-crypt are compiled in the kernel)
vzquota 3.0.12
vzctl 3.0.25
|
|
|
|
|
Re: device mapper inside VE [message #42180 is a reply to message #41426] |
Tue, 15 March 2011 08:45 |
nuno
Messages: 43 Registered: January 2010
|
Member |
|
|
No, I didn't try it. But openvz's philosophy is to deny access to the hardware. Also, to use facilities provided by modules that module has to be "ported".
By the way, nothing is stopping you from making an encrypted volume in the HN and using that mount path as VE_PRIVATE's value.
In CTID.conf:
VE_PRIVATE="/already-mounted-encrypted-volume"
Regards,
|
|
|