|device mapper inside VE [message #41369]
||Tue, 11 January 2011 06:12
Registered: January 2011
I would like to encrypt an entire disk inside a VE with cryptsetup. But I didn't manage to use device mapper.
[root@sauvegarde ~]# dmsetup table /dev/vgr0/sauvegarde
/proc/devices: No entry for misc found
Is device-mapper driver missing from kernel?
/dev/mapper/control: open failed: Operation not permitted
Failure to communicate with kernel device-mapper driver.
/proc/devices is empty and /dev/mapper/control is already present
[root@sauvegarde ~]# ll /dev/mapper/
crw-r----- 1 root root 10, 59 Jan 10 23:24 control
I have tried to give somes capability, but without success,
[root@storalca1 ~]# tail -2 /etc/vz/conf/48101.conf
CAPABILITY="SYS_MODULE:on MKNOD:on "
kernel 220.127.116.11 with patch dzhanibekov (device mapper and dm-crypt are compiled in the kernel)
|Re: device mapper inside VE [message #42180 is a reply to message #41426]
||Tue, 15 March 2011 04:45
Registered: January 2010
No, I didn't try it. But openvz's philosophy is to deny access to the hardware. Also, to use facilities provided by modules that module has to be "ported".|
By the way, nothing is stopping you from making an encrypted volume in the HN and using that mount path as VE_PRIVATE's value.