OpenVZ Forum


Home » Mailing lists » Users » Run truecrypt in a container?
Run truecrypt in a container? [message #43558] Thu, 22 September 2011 18:07 Go to next message
Todd Lyons is currently offline  Todd Lyons
Messages: 3
Registered: September 2011
Junior Member
From: *parallels.com
Hello all, I'm very new to openvz. If I misstate names or concepts,
please do correct me.

Is there any possibility to get truecrypt to work inside a container?

===== Host Node =====
We set up an openvz server using proxmox. The HN is Debian Lenny:
dlscld91:~# cat /etc/issue
Debian GNU/Linux 5.0 \n \l
dlscld91:~# uname -a
Linux dlscld91 2.6.32-4-pve #1 SMP Tue Mar 29 09:08:37 CEST 2011
x86_64 GNU/Linux

The fuse (userspace filesystem) module is loaded in the HN:
dlscld91:~# lsmod | grep fuse
fuse 51198 3

And the CE is aware of it and the loop device:

dlscld91:~# vzctl set 901 --devnodes fuse:rw --devnodes loop0:rw
--devnodes loop1:rw --devnodes loop2:rw --devnodes loop3:rw --devnodes
loop4:rw --devnodes loop5:rw --devnodes loop6:rw --devnodes loop7:rw
--save
Setting devices
Saved parameters for CT 901
dlscld91:~# grep loop /etc/vz/conf/901.conf
DEVNODES="fuse:rw loop0:rw loop1:rw loop2:rw loop3:rw loop4:rw
loop5:rw loop6:rw loop7:rw "


===== CONTAINER =====
The CE is a CentOS 5.6 system, also x86_64. In the container, all
fuse libs and fuse utilities are installed. When I run truecrypt, I
get an error complaining about a lack of devicemapper support.

[root@dlswww91 ~]# truecrypt -c --encryption=AES --password=test
--random-source=/dev/urandom --volume-type=normal --size=20971520
--hash=RIPEMD-160 --filesystem="Linux Ext3" test.dat

Enter keyfile path [none]:

Done: 100.000% Speed: 21 MB/s Left: 0 s

The TrueCrypt volume has been successfully created.
[root@dlswww91 ~]# truecrypt --fs-options=users,uid=$(id -u),gid=$(id
-g),fmask=0113,dmask=002 --password=test --protect-hidden=no --mount
/root/test.dat /mnt/test/
Enter keyfile [none]:
Error: /proc/devices: No entry for misc found
Is device-mapper driver missing from kernel?
Failure to communicate with kernel device-mapper driver.
Command failed

[root@dlswww91 ~]# uname -a
Linux dlswww91.ivenue.net 2.6.32-4-pve #1 SMP Tue Mar 29 09:08:37 CEST
2011 x86_64 x86_64 x86_64 GNU/Linux

The /proc/devices file is ineed empty.


===== QUESTION =====
Is there any possibility to get truecrypt to work inside a container?
I worked through some errors, first with the fuse device not working
and second with the loop device not working. Both were solved by
solutions found in the openvz forum. I can create and mount iso
images on loopback, so I know my loop device is working. After
putting fuse in the DEVNODES list, the fuse error went away. Now I
just have to figure out how to tell truecrypt that device mapper
support is present. Now, it's possible that this just can't work
inside a container, in which case we'll fall back to using a KVM VM
instead of an OpenVZ CE for that particular host, but I'd like to use
the much lower overhead OpenVZ if possible.

Regards... Todd

--
If Americans could eliminate sugary beverages, potatoes, white bread,
pasta, white rice and sugary snacks, we would wipe out almost all the
problems we have with weight and diabetes and other metabolic
diseases. -- Dr. Walter Willett, Harvard School of Public Health
Re: Run truecrypt in a container? [message #43561 is a reply to message #43558] Thu, 22 September 2011 20:23 Go to previous message
Gary Wallis is currently offline  Gary Wallis
Messages: 15
Registered: July 2011
Junior Member
From: *parallels.com
Maybe...You need to add the devices and tweak the container .conf file.
The kernel may have to recompiled to support it.
Previous Topic: OpenVZ adapter for OpenNebula
Next Topic: vztcl runscript and keep the same env variables?
Goto Forum:
  


Current Time: Mon Oct 23 00:37:48 GMT 2017