Re: [systemd-devel] mount crypto_LUKS device in container

On Fri, 01.05.15 11:39, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

> My container will need access to a Luks encrypted device (/dev/sdd4) for its DB.

Only very select devices are accessible from inside containers, more specifically the ones where it is fully safe to share them between multiple containers and the host. /dev/random and /dev/null are of this kind, however device mapper (DM) devices are not. This is a limitation of the Linux kernel really, it does not support proper device virtualization for things like this, and probably never will.

Or in other words: LVM and DM (and thus LUKS) are something you can use on the host only, sorry.

Lennart

--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
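One way to keep LUKS on the host, as the reply above advises, is to unlock and mount the volume there and hand the container only the mounted directory. This is an added example, not configuration from the thread or from the systemd project. The device, mapping name and key file are the ones in the original question; the mount point /srv/poppy-db, the container path /var/lib/db and the machine name "poppy" are assumptions.

```conf
# --- /etc/crypttab (host only) ---------------------------------------
# <name>      <device>       <key file>             <options>
# The key file stays on the host; the container never sees the key
# or the underlying block device.
sdd4_crypt    /dev/bcache0   /etc/keys/poppy.luks   luks

# --- /etc/fstab (host only) ------------------------------------------
# Mount the unlocked device-mapper node on the host.
# /srv/poppy-db is an assumed mount point.
/dev/mapper/sdd4_crypt   /srv/poppy-db   btrfs   defaults   0 0

# --- /etc/systemd/nspawn/poppy.nspawn (host, assumed machine name) ---
# Bind-mount only the already-mounted filesystem into the container.
# Equivalent command-line form:
#   systemd-nspawn --bind=/srv/poppy-db:/var/lib/db ...
[Files]
Bind=/srv/poppy-db:/var/lib/db
```

Inside the container, neither /etc/crypttab nor /etc/fstab needs an entry for this volume; the container sees an ordinary directory.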
[systemd-devel] mount crypto_LUKS device in container

My container will need access to a Luks encrypted device (/dev/sdd4) for its DB.

Here is the setup on the host:

# cryptsetup --key-file /etc/keys/poppy.luks luksOpen /dev/bcache0 sdd4_crypt

$ lsblk -o NAME,KNAME,MAJ:MIN,FSTYPE,LABEL
..
└─sdd4             sdd4     8:52   bcache
  └─bcache0        bcache0  254:0  crypto_LUKS
    └─sdd4_crypt   dm-7     253:7  btrfs        poppy-encrypt

I am a little lost for now on how the container manages /dev and device mapper. So I am wondering where to write this device entry in /etc/fstab and /etc/crypttab. In the host or the container?

It seems to me it is easier to manage anything in the host. Am I right?

Thank you for hints.

--
google.com/+arnaudgabourygabx