> "Create and work with loopback mounted, luks encrypted, file based chroot
> guests."
OK, I finally determined why schroot was not doing as I wanted, and
why zchroot does:

On reading schroot's /etc/schroot/setup.d/05file, I determine:

- schroot's "file" chroot type means "a temporarily zipped file hierarchy"
  - this chroot..tgz file is unpacked, into a directory, like a normal chroot,
    to actually chroot into it to do anything
  - after the job is done, this directory is zipped back up,
    (unless a "session" is in play)

- _in contrast_, zchroot's chroot files:
  - are loopback mounted sparse files
    - the file is never 'unzipped' into a directory
  - are luks-encrypted (may use empty pw for throwaway chroots)
  - are installed into an fs which is formatted into the luks/lo sparse file
  - are not zipped (although that could be added, either externally,
    or perhaps as an fs/ dm option when formatting the fs in the lo file??)

Now, zchroot option/ type appeals to me. There's no repetitive
unzipping and rezipping each time you mount/umount the chroot, instead
an lo mount + luks mount.

Work TODO: port zchroot as a patch against schroot, providing this new
type of chroot. It really is a different option than those currently
provided by schroot (it has a few types currently supported).
loopback, luks encrypted, sparse file is ideally just another chroot
type option provided by schroot.

I don't have time to do this right now; I should have in about 2-3 years.

cheers
zen

PS: mount --make-rshared / can be quite useful before mounting chroots...
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
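
The image lifecycle described in the message above (sparse backing file, LUKS, a filesystem formatted inside it, and an open + mount in place of unpack/repack), as an added shell example. It is not zchroot's or schroot's code; the function names, ext4, debootstrap and the paths are assumptions.

```shell
#!/bin/sh
# Added example: loop-backed, LUKS-encrypted sparse-file chroot image.
# Function names, ext4, debootstrap and paths are assumptions, not zchroot's.
# DRY_RUN=1 (default) prints the root-only commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# make_sparse IMG SIZE: allocate the backing file without writing data blocks.
make_sparse() {
    truncate -s "$2" "$1" && chmod 600 "$1"
}

# is_sparse IMG: true when allocated bytes are below the apparent size.
is_sparse() {
    apparent=$(stat -c %s "$1")
    allocated=$(( $(stat -c %b "$1") * $(stat -c %B "$1") ))
    [ "$allocated" -lt "$apparent" ]
}

# setup_chroot IMG NAME MNT: one-time format and install into the image.
setup_chroot() {
    run cryptsetup luksFormat "$1" || return 1  # asks for the passphrase
    run cryptsetup open "$1" "$2" || return 1   # attaches a loop device itself
    if run mkfs.ext4 -q "/dev/mapper/$2" && run mount "/dev/mapper/$2" "$3"; then
        run debootstrap stable "$3"
        run umount "$3"
    fi
    run cryptsetup close "$2"
}

# enter_chroot IMG NAME MNT: open + mount, work, then tear down in reverse.
# Nothing is unpacked or repacked; the mapping is always closed on the way out.
enter_chroot() {
    run cryptsetup open "$1" "$2" || return 1
    if run mount "/dev/mapper/$2" "$3"; then
        run chroot "$3" /bin/sh
        run umount "$3"
    fi
    run cryptsetup close "$2"
}
```

With DRY_RUN=0 and root privileges, `make_sparse guest.img 2G` followed by `setup_chroot guest.img guest /mnt/guest` builds the image once; each later `enter_chroot` only opens and mounts it.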