From: ls-ocaml-developer-2006@m-e-leypold.de
To: caml-list@inria.fr
Subject: ANNOUNCE: LSD mount utilities.
Date: Tue, 30 Jan 2007 12:56:29 +0100 [thread overview]
Message-ID: <6w1wlcd8ya.fsf@hod.lan.m-e-leypold.de> (raw)
The LSD mount utilities are written in OCaml, so I hope the
announcement is not OT here.
Don't hesitate either to flame me or ask questions if I'm OT or the
utilities don't work as advertised.
Since those need to be SUID programs help in reviewing them or
discussion of security aspects would be appreciated.
Regards, Markus
_oOo_
About
-----
The LSD mount utilities allow to automate mounting of encrypted
filesystems in linux with cryptsetup and loopback devices and enable
users (not only root) to mount encrypted filesystems when appropriate
entries to /etc/fstab have been added by root.
The LSD mount utilities are licensed/distributed under the the terms
of the GPL Version 2 (no later version). We'll usually be happy though
to relicense under other OS licenses, but you have to ask and get the
licensing change from us in writing.
The LSD mount utilities can be downloaded from
http://software.m-e-leypold.de/lsd-mount-utilities.
What does it do? How does it work?
----------------------------------
In Linux /sbin/mount calls /sbin/mount.$FSTYPE and /sbin/umount calls
/sbin/umount.$FSTYPE if those programs exist. This leads to the
observation, that the filesystem types either in /etc/fstab or passed
to mount with -t rather more characterize a mounting mechanism than a
file system type.
With the LSD mount utilities this mechanism is used to delegate
mounting of encrypted loopback devices to mount.lcrypt which automates
the steps necessary to set up those devices (like: modprobe, losetup,
cryptsetup).
mount.lcrypt on the other side should know the filesystem of the
decrypted device from a mount option. (This does not work yet,
presently all lcrypt devices have the decrypted filesystem type ext2).
Mounting directly
-----------------
Pass '-t lcrypt' to mount:
mount -t lcrypt /data/encrypted-image /mnt
You'll be asked for the passphrase.
With fstab / allow user mounting
---------------------------------
Use lcrypt as filesystem type. Use the option 'user', if non
privileged users should be able to mount the device:
/data/encrypted-image /secret-mnt lcrypt rw,noauto,user,exec 0 0
Any user can now use
mount /data/encrypted-image
and is then asked for the passphrase.
next reply other threads:[~2007-01-30 11:51 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-30 11:56 ls-ocaml-developer-2006 [this message]
2007-02-17 12:12 ` ANNOUNCE: LSD mount utilities, version 1.3 ls-ocaml-developer-2006
2007-04-13 8:55 ` ANNOUNCE: LSD mount utilities, version 1.4 ls-ocaml-developer-2006
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6w1wlcd8ya.fsf@hod.lan.m-e-leypold.de \
--to=ls-ocaml-developer-2006@m-e-leypold.de \
--cc=caml-list@inria.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox