[Lxc-users] container with encrypted FS howto?

Serge Hallyn serge.hallyn at canonical.com
Fri Apr 27 14:00:56 UTC 2012


Quoting Johannes Graumann (johannes_graumann at web.de):
> Hello,
> 
> Straight from the newbie department: is there a straightforward way to 
> set up an lxc container such that its entire file system is encrypted and 
> starting the container requires a password? I am looking to run mailserver 
> etc. in containers and would like to have the data the server is managing 
> inaccessible should the hard drive be stolen from the hosting company's 
> server farm ... I clearly can set up the corresponding disk space hosting the 
> rootFS as a dm-crypt partition, but is there a way to do this from "within" 
> the guest system as with a non-virtualized install?
> 
> Thanks for any pointers.
> 
> Sincerely, Joh

There is nothing built into lxc to do this, but there are several ways
you could go about it.  You could use ecryptfs for the sensitive parts
of the fs, for instance, and have an upstart/init job mount them
before services start.

I've added encrypted fs support and pre-start hooks (which could also
be used to add initramfs-style pre-boot setup of encrypted filesystems)
to the UDS agenda.

-serge
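
The host-side variant mentioned in the question (rootfs on a dm-crypt volume, passphrase required to start the container), sketched as an added example that is not part of either message and not lxc's own code. The device, mapping name, rootfs path and container name are assumptions; `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example; every device, mapping, path and container name is hypothetical.
DEVICE="${DEVICE:-/dev/vg0/mail-crypt}"        # LUKS-formatted block device on the host
MAPPING="${MAPPING:-mail-rootfs}"              # dm-crypt mapping name
ROOTFS="${ROOTFS:-/var/lib/lxc/mail/rootfs}"   # where the container expects its rootfs
CONTAINER="${CONTAINER:-mail}"

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Open the LUKS volume (cryptsetup prompts for the passphrase on the
# terminal) and mount it. Steps that are already done are skipped.
unlock_and_mount() {
    if [ ! -e "/dev/mapper/$MAPPING" ]; then
        run cryptsetup luksOpen "$DEVICE" "$MAPPING" || return 1
    fi
    if ! mountpoint -q "$ROOTFS"; then
        run mount "/dev/mapper/$MAPPING" "$ROOTFS" || return 1
    fi
}

# Unmount and close the mapping so the volume key leaves kernel memory.
lock() {
    if mountpoint -q "$ROOTFS"; then
        run umount "$ROOTFS" || return 1
    fi
    if [ -e "/dev/mapper/$MAPPING" ]; then
        run cryptsetup luksClose "$MAPPING" || return 1
    fi
}

case "${1:-}" in
    start) unlock_and_mount && run lxc-start -n "$CONTAINER" -d ;;
    stop)  run lxc-stop -n "$CONTAINER" && lock ;;
esac
```

This protects the data at rest only: while the mapping is open, the files are readable in plaintext by root on the host. The container is not started if the passphrase is wrong, because `unlock_and_mount` returns non-zero.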