[question] Should bind-mounts be treated as separate filesystems? #59

Closed
ghost opened this issue Sep 5, 2017 · 1 comment

ghost commented Sep 5, 2017

I noticed that fscrypt currently treats directories mounted on an existing filesystem with the --bind option as separate mountpoints.
That means fscrypt setup MOUNTPOINT needs to be executed on every directory mounted this way to make encryption available. Moreover, it can create confusion when an encrypted directory was created before bind mounts were used:

```
fscrypt setup /
fscrypt encrypt /home/xxx   # creates policy under /.fscrypt
mount --bind /home /home    # bind-mount /home to /home
fscrypt setup /home
fscrypt status /home/xxx    # searches policy under /home/.fscrypt
```

In that case the user has to manually copy the fscrypt metadata from /.fscrypt to /home/.fscrypt.

ebiggers (Collaborator) commented Oct 1, 2019

In my opinion bind mounts shouldn't be treated as separate filesystems, since otherwise it's ambiguous where the fscrypt metadata is located. I've opened a pull request to fix this: #154
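
The ambiguity discussed in this issue can be removed by resolving every path to a single metadata location per device. The Go sketch below is an added example, not fscrypt's code and not taken from the pull request: it parses a constructed `/proc/self/mountinfo` sample and treats the mount whose root is `/` as the filesystem's main mountpoint. The `metadataDir` helper, the sample lines and the device numbers are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Constructed /proc/self/mountinfo sample: mount 45 is /home bind-mounted
// onto itself, so it shares device 8:2 with / but has root "/home".
const sampleMountinfo = `22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
45 22 8:2 /home /home rw,relatime shared:1 - ext4 /dev/sda2 rw
46 22 8:3 / /data rw,relatime shared:2 - ext4 /dev/sda3 rw`

type mount struct{ dev, root, point string }

// parseMountinfo keeps major:minor, root and mount point; \040-style escapes are not decoded.
func parseMountinfo(s string) []mount {
	var ms []mount
	for _, line := range strings.Split(s, "\n") {
		if f := strings.Fields(line); len(f) >= 5 {
			ms = append(ms, mount{f[2], f[3], f[4]})
		}
	}
	return ms
}

// metadataDir (hypothetical helper) finds the mount containing p, then
// returns <mountpoint>/.fscrypt of the same-device mount whose root is "/".
func metadataDir(ms []mount, p string) (string, error) {
	var best *mount
	for i, m := range ms {
		inside := m.point == "/" || p == m.point || strings.HasPrefix(p, m.point+"/")
		if inside && (best == nil || len(m.point) >= len(best.point)) {
			best = &ms[i] // longest (and latest) mount point wins
		}
	}
	if best == nil {
		return "", fmt.Errorf("no mount contains %s", p)
	}
	for _, m := range ms {
		if m.dev == best.dev && m.root == "/" {
			return path.Join(m.point, ".fscrypt"), nil
		}
	}
	return "", fmt.Errorf("only bind mounts of device %s are visible", best.dev)
}

func main() { fmt.Println(metadataDir(parseMountinfo(sampleMountinfo), "/home/xxx")) }
```

With the sample above, `/home/xxx` resolves to `/.fscrypt` even though `/home` is its own mount, and a device that is visible only through a bind mount yields an error instead of a guessed location.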
