You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I noticed that currently fscrypt treats directories mounted on existing filesystem with --bind option as separate mountpoints.
That means it needs executing fscrypt setup MOUNTPOINT on every directory mounted this way to make encryption available. Moreover it can create confusion when encrypted directory was created before bind-mounts were used: fscrypt setup / fscrypt encrypt /home/xxx (creates policy under /.fscrypt)
bind-mount /home to /home fscrypt setup /home fscrypt status /home/xxx (searches policy under /home/.fscrypt)
In that case user have to manually copy fscrypt metadata from /.fscrypt to /home/.fscrypt
The text was updated successfully, but these errors were encountered:
In my opinion bind mounts shouldn't be treated as separate filesystems, since otherwise it's ambiguous where the fscrypt metadata is located. I've opened a pull request to fix this: #154
I noticed that currently fscrypt treats directories mounted on existing filesystem with
--bind
option as separate mountpoints.That means it needs executing
fscrypt setup MOUNTPOINT
on every directory mounted this way to make encryption available. Moreover it can create confusion when encrypted directory was created before bind-mounts were used:fscrypt setup /
fscrypt encrypt /home/xxx
(creates policy under/.fscrypt
)bind-mount /home to /home
fscrypt setup /home
fscrypt status /home/xxx
(searches policy under/home/.fscrypt
)In that case user have to manually copy fscrypt metadata from
/.fscrypt
to/home/.fscrypt
The text was updated successfully, but these errors were encountered: