[lxc-devel] mounting a crypted volume in a container

Daniel Lezcano daniel.lezcano at free.fr
Tue Mar 2 17:13:38 UTC 2010


lxc at zitta.fr wrote:
> hi,
>
> I'm trying to provide a crypted volume to a container:
> - So I have added it to the container's fstab:
>         root@ksxxx:~# cat /var/lib/lxc/newzer.ovh2.p.zitta.fr/fstab
>         /lxc/root/newzer.ovh2.p.zitta.fr /var/lib/lxc/newzer.ovh2.p.zitta.fr/rootfs none rbind 0 0
>         /dev/mapper/crypt_newzer /var/lib/lxc/newzer.ovh2.p.zitta.fr/rootfs/home ext4 defaults 0 0
> - Looked which minor/major to allow
>         root@ksxxx:~# ls -l /dev/mapper/
>         total 0
>         crw-rw---- 1 root root  10, 60 2010-02-13 14:22 control
>         brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer
>         brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer_unformatted
>         brw-rw---- 1 root disk 252,  1 2010-02-13 14:22 vg0-backup_restore
>         brw-rw---- 1 root disk 252,  2 2010-03-02 12:22 vg0-cr_newzer
>         brw-rw---- 1 root disk 252,  0 2010-02-13 14:22 vg0-lxc
> - I have allowed it (I have deduced it from examples)
>         root@ksxxx:~# cat /var/lib/lxc/newzer.ovh2.p.zitta.fr/config | grep 252:3
>         lxc.cgroup.devices.allow = b 252:3 rwm
> - And plouf, an error :(
>         root@ksxxx:~# lxc-start -n newzer.ovh2.p.zitta.fr
>         lxc-start: Operation not permitted - failed to mount '/dev/mapper/crypt_newzer' on '/var/lib/lxc/newzer.ovh2.p.zitta.fr/rootfs/home'
>         lxc-start: failed to setup the mounts for 'newzer.ovh2.p.zitta.fr'
>         lxc-start: failed to setup the container
>
> So I'm wondering if it is possible, if I have made a mistake... Voila
>
> Any idea?
> Thanks
>   
You want to use an image to mount the rootfs, right?
This is partly implemented but disabled in the code right now.
Do you have an example of the image I can download somewhere on the net, 
so I can finish this part and test?

In the meantime, you can mount the image somewhere in a directory and 
use it as the rootfs - I know this is not what you want to do but anyway 
... :)
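
The device-number lookup from the quoted message, as an added example that is not part of the original thread or of LXC: it derives the `lxc.cgroup.devices.allow` line from an `ls -l` listing and lists the other node names the same rule covers, since the rule is keyed on type and major:minor rather than on the path. The function names are hypothetical and the sample listing is constructed from the output quoted above.

```bash
#!/usr/bin/env bash
# Added example: map device nodes to lxc.cgroup.devices.allow rules.

# Constructed sample: the /dev/mapper listing quoted in the message above.
sample_listing() {
cat <<'EOF'
crw-rw---- 1 root root  10, 60 2010-02-13 14:22 control
brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer
brw-rw---- 1 root disk 252,  3 2010-03-02 12:51 crypt_newzer_unformatted
brw-rw---- 1 root disk 252,  1 2010-02-13 14:22 vg0-backup_restore
brw-rw---- 1 root disk 252,  2 2010-03-02 12:22 vg0-cr_newzer
brw-rw---- 1 root disk 252,  0 2010-02-13 14:22 vg0-lxc
EOF
}

# device_rule NAME [ACCESS]: read `ls -l` lines on stdin and print the
# allow rule for node NAME (hypothetical helper; ACCESS defaults to rwm).
device_rule() {
    awk -v name="$1" -v access="${2:-rwm}" '
        $NF == name && $1 ~ /^[bc]/ {
            major = $5; sub(/,$/, "", major)
            print "lxc.cgroup.devices.allow = " substr($1, 1, 1) " " major ":" $6 " " access
            found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# same_device NAME: print the other node names that share NAME's type and
# major:minor, i.e. everything else the same allow rule also covers.
same_device() {
    awk -v name="$1" '
        $1 ~ /^[bc]/ { id[$NF] = substr($1, 1, 1) $5 $6; order[++n] = $NF }
        END {
            if (!(name in id)) exit 1
            for (i = 1; i <= n; i++)
                if (order[i] != name && id[order[i]] == id[name]) print order[i]
        }'
}

# Demo on the constructed sample.
sample_listing | device_rule crypt_newzer
sample_listing | same_device crypt_newzer
```

On a live host, pipe `ls -l /dev/mapper/` into the functions instead of `sample_listing`.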






