this post was submitted on 31 Oct 2023
99 points (97.1% liked)

Linux

48149 readers
752 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

Yeppp this is what I currently do, and offers the best performance IMO compared to using something like gocryptfs in userspace on top of BTRFS. Pretty happy with it except a few small things...

It can be a bit of a faff to mount on a new machine if its file manager doesn't support encrypted volumes natively ☹️. On your daily you can have it all sorted in your crypttab and fstab so it's not an issue there

My main problem though is if it's an external USB device you have encrypted with LUKS, the handles and devices stay there after an unexpected USB disconnect... so you can't actually unmount or remount the dm-crypt device after that happens. Anytime you try, the kernel blocks you saying the device is busy - only fix i'm aware of is a reboot.

If the encryption is managed by the filesystem itself, one would probably assume this kind of mounting & unexpected disconnect scenario would be handled as gracefully as possible

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I see, good points.

I have also experienced that dangling devices break remounting it, but I think there's a quicker solution for it: dmsetup remove insert_device_name_here.
It's still a manual thing, though, but 2 steps better. Maybe it can be automated somehow, I haven't looked into that yet.