[lxc-users] lxc and encfs

Serge Hallyn serge.hallyn at ubuntu.com
Fri Feb 19 01:46:39 UTC 2016


Quoting Mittelsdorf, Bjoern (Bjoern.Mittelsdorf at scheer-group.com):
> Hi all,
> 
> I face a problem with encfs encrypted folders mounted into lxc containers.
> 
> I have a public encfs folder, which is controlled and provided by the host, 
> encrypted: /var/lxc-crypt
> public: /var/lxc-data 
> 
> containing one directory for each container, e.g.:
> /var/lxc-data/xyz
> 
> Each container mounts its directory via its config:
> 
> lxc.mount.entry = /var/lxc-data/xyz /var/vm/xyz/rootfs/var/encryptedData none bind 0 0
> 
> Each time I shut down one of the containers the host mount point for the unencrypted data goes to waste, dragging the other container mount points down with it:
> 
> ls -ltr /var/
> ls: cannot access /var/lxc-data: Transport endpoint is not connected
> total 56
> d?????????  ? ?      ?         ?            ? lxc-data
> 
> I am aware of the fact that encfs is not the best choice but I would really happily stick with it for the moment.
> 
> As you can see, I have no clue what is going on.

Do you have reject_force_umount in your seccomp policy?  This is a known
bug in fuse, and really all you can do is not allow your containers to
force-umount fuse (and therefore sadly, all) filesystems.
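
An added example, not part of the original thread: one way to check whether a container's config resolves to a seccomp policy that contains `reject_force_umount`. It assumes the policy is set with `lxc.seccomp` (or `lxc.seccomp.profile` on newer LXC) and that `lxc.include` points at plain files; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): does an LXC container config end up
# with a seccomp policy that contains the reject_force_umount directive?
TAB=$(printf '\t')

# Walk config file $1, following lxc.include (plain files only), and leave
# the last seccomp policy path assigned in the global $policy.
scan_config() {
    while IFS="= $TAB" read -r key val || [ -n "$key" ]; do
        case "$key" in
            lxc.include)
                if [ -f "$val" ]; then scan_config "$val"; fi ;;
            lxc.seccomp|lxc.seccomp.profile)   # older and newer key names
                policy=$val ;;
        esac
    done < "$1"
}

# Print the policy path in effect for config $1 (empty line if none is set).
seccomp_policy_for() {
    policy=""
    scan_config "$1"
    printf '%s\n' "$policy"
}

# Exit 0 only if a policy is set, readable, and has an uncommented
# reject_force_umount line.
blocks_force_umount() {
    p=$(seccomp_policy_for "$1")
    [ -n "$p" ] && [ -r "$p" ] &&
        grep -Eq '^[[:space:]]*reject_force_umount([[:space:]]|#|$)' "$p"
}

# --- constructed sample files, so the example runs without LXC installed ---
demo=$(mktemp -d)
printf '2\nblacklist\nreject_force_umount  # blocks umount -f\n[all]\nkexec_load errno 1\n' > "$demo/with.seccomp"
printf '2\nblacklist\n# reject_force_umount\n[all]\nkexec_load errno 1\n' > "$demo/without.seccomp"
printf 'lxc.seccomp = %s\n' "$demo/with.seccomp" > "$demo/common.conf"
printf 'lxc.include = %s\nlxc.mount.entry = /var/lxc-data/xyz /var/vm/xyz/rootfs/var/encryptedData none bind 0 0\n' "$demo/common.conf" > "$demo/xyz.conf"
printf 'lxc.include = %s\nlxc.seccomp = %s\n' "$demo/common.conf" "$demo/without.seccomp" > "$demo/abc.conf"

for c in "$demo/xyz.conf" "$demo/abc.conf"; do
    if blocks_force_umount "$c"; then echo "$c: force-umount rejected"
    else echo "$c: container may force-umount (policy: ${p:-none})"; fi
done
```

The second sample config overrides the included policy with one where the directive is commented out, which is the case a plain grep over the container's own config file would miss.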

