Quoting Johannes Graumann (johannes_graum...@web.de): > Hello, > > Straight from the newbie department: is there a straight forward way to > setup a lxc container such that it's entire file system is encrypted and > starting the container requires a password? I am looking to run mailserver > etc. in containers and would like to have the data the server is managing > inaccessible should the harddrive be stolen from the hosting companies > server farm ... I clearly can setup the corresponding diskspace hosting the > rootFS as a dm-crypt partition, but is there a way to do this from "within" > the guest system as with a non-virtualized install? > > Thanks for any pointers. > > Sincerely, Joh
There is nothing build into lxc to do this, but there are several ways you could go about it. You could use ecryptfs for the sensitive parts of the fs, for instance, and have an upstart/init job mount them before services start. I've added encrypted fs support and pre-start hooks (which could also be used to add initramfs-style pre-boot setup of encrypted filesystems) to the uds agenda. -serge ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
