
/usr/share/lxc/hooks/mountecryptfsroot is in liblxc-common 3.0.1-0ubuntu1~18.04.2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh

# (C) Copyright Canonical 2011-2013

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

# This hook can be used to mount an ecryptfs filesystem as a container's
# rootfs.
# To use this hook, assuming your container is called q1,
#  1. add 'lxc.hook.pre-mount = /usr/share/lxc/hooks/mountecryptfsroot' to
#     the container's configuration file
#  2. Create /var/lib/lxc/q1/ecryptfs-root
#     a. mkdir /var/lib/lxc/q1/ecryptfs-root
#  3. convert your container's root filesystem to be ecryptfs-backed.  Assuming
#     your container is called 'q1', do
#     a. c=q1
#     b. mv /var/lib/lxc/$c/rootfs /var/lib/lxc/$c/rootfs.plain
#     c. mkdir /var/lib/lxc/$c/rootfs{,.crypt}
#     d. sig=`echo none | ecryptfs-add-passphrase | grep -v Passphrase | cut -d[ -f 2 | cut -d] -f 1`
#     e. echo $sig > /var/lib/lxc/$c/sig
#     f. mount -t ecryptfs -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,ecryptfs_sig=${sig},sig=${sig},verbosity=0 /var/lib/lxc/$c/rootfs.crypt /var/lib/lxc/$c/rootfs
#     g. rsync -va /var/lib/lxc/$c/rootfs.plain/ /var/lib/lxc/$c/rootfs/
#     h. umount /var/lib/lxc/$c/rootfs
#     i. rm -rf /var/lib/lxc/$c/rootfs.plain
#  4. Now you can start your container by adding the passphrase to your
#     in-kernel keyring using 'ecryptfs-add-passphrase', then starting your
#     container as normal.
#     a. echo none | ecryptfs-add-passphrase
#     b. lxc-start -n q1
#  Note that the passphrase 'none' used above is only an example, and that you
#  may well want to use a wrapped passphrase (see the
#  ecryptfs-wrap-passphrase(1) manual page).

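set -e

# Both variables are read from the hook's environment. Fail early with a clear
# message if either is missing: with an empty $sigfile the original
# `cat $sigfile` would have fallen back to reading stdin.
: "${LXC_ROOTFS_PATH:?mountecryptfsroot: LXC_ROOTFS_PATH is not set}"
: "${LXC_CONFIG_FILE:?mountecryptfsroot: LXC_CONFIG_FILE is not set}"

# Sibling paths by convention (see the setup steps in the header):
#   <container dir>/rootfs  ->  <container dir>/rootfs.crypt  (encrypted lower dir)
#   <container dir>/config  ->  <container dir>/sig           (key signature file)
# Expansions are quoted so a path containing whitespace or glob characters is
# passed through unchanged instead of being split or expanded.
ecryptfs_crypt=$(printf '%s\n' "$LXC_ROOTFS_PATH" | sed 's/rootfs$/rootfs.crypt/')
sigfile=$(printf '%s\n' "$LXC_CONFIG_FILE" | sed 's/config$/sig/')

if [ ! -r "$sigfile" ]; then
    printf '%s\n' "mountecryptfsroot: cannot read signature file: $sigfile" >&2
    exit 1
fi

sig=$(cat "$sigfile")

# The signature is spliced into the comma-separated mount option string below,
# so anything other than hex digits in the file (a comma, whitespace, a second
# line) would be interpreted as additional mount options or arguments. Accept
# hex digits only; keep the sig file writable by the container's administrator
# only.
case "$sig" in
    '' | *[!0-9a-fA-F]*)
        printf '%s\n' "mountecryptfsroot: $sigfile does not contain a valid ecryptfs key signature" >&2
        exit 1
        ;;
esac

# -n: do not record the mount in /etc/mtab.
# The key matching $sig must already be in the kernel keyring (step 4 in the
# header); this script never sees the passphrase itself.
mount -n -t ecryptfs \
    -o "ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n,ecryptfs_sig=${sig},sig=${sig},verbosity=0" \
    "$ecryptfs_crypt" "$LXC_ROOTFS_PATH"
exit 0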