Re: [dm-crypt] Encrypted LVs /root, /home, and swap mount at boot, as does 'shared' data LV but without write access?

DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <gmazyland@gmail.com>
To: "Dáire Fagan" <dairefagan@gmail.com>, dm-crypt@saout.de
Subject: Re: [dm-crypt] Encrypted LVs /root, /home, and swap mount at boot, as does 'shared' data LV but without write access?
Date: Mon, 28 Apr 2014 06:15:01 +0200	[thread overview]
Message-ID: <535DD5C5.1080902@gmail.com> (raw)
In-Reply-To: <CAJ0AGf8KWmLt8FN1hVFALSSvHyL7E40qMebdoS1P5N2As_5zvg@mail.gmail.com>

On 04/27/2014 11:20 PM, Dáire Fagan wrote:
> Hi
> 
> I have asked for support on the Ubuntu forums, and many non distro
> linux forums, I thought someone here might be able to help me as I am
> trying to mount a logical volume with write access that is part of a
> crypsetup encrypted physical volume - I figured people on this mailing
> list would have experience of this.

According to list of your devices, it is activated as read/write.
(Check it from the bottom to up - use lsblk to display volume stack
and then "dmsetup info", "cryptsetup status <dev>", lvs/lvdisplay, mount
should verify that all layers are activated properly.)

Anyway, it is distro specific how to properly update initramfs
to activate volume on boot...
(On Debian this works quite nice so I see no reason Ubuntu should differ here,
but really, this is not Ubuntu support forum.)

Check /etc/fstab and /etc/crypttab (crypt device must be there).
Also check access rights to device nodes and directory where are you mounting fs.

BTW you can probably change activated name in /etc/crypttab.

> Is the encryption method I used best practice?
...
>>> When I do this over I will run cryptsetup benchmark first to see which
>>> iteration and algorithm works best for my system.

Be sure you understand consequences of switching parameters
(it is not only about speed).
It is better to stick with defaults if you are not sure.

Milan

next prev parent reply	other threads:[~2014-04-28  4:15 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-04-27 17:00 [dm-crypt] Encrypted LVs /root, /home, and swap mount at boot, as does 'shared' data LV but without write access? Dáire Fagan
2014-04-27 20:32 ` Arno Wagner
2014-04-27 21:20   ` Dáire Fagan
2014-04-28  4:15     ` Milan Broz [this message]
  -- strict thread matches above, loose matches on Subject: below --
2014-04-27 16:55 Dáire Fagan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=535DD5C5.1080902@gmail.com \
    --to=gmazyland@gmail.com \
    --cc=dairefagan@gmail.com \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox