[Users] Run truecrypt in a container?

Todd Lyons tlyons at ivenue.com
Thu Sep 22 14:07:35 EDT 2011


Hello all, I'm very new to openvz.  If I misstate names or concepts,
please do correct me.

Is there any possibility to get truecrypt to work inside a container?

===== Host Node =====
We set up an openvz server using proxmox.  The HN is Debian Lenny:
dlscld91:~# cat /etc/issue
Debian GNU/Linux 5.0 \n \l
dlscld91:~# uname -a
Linux dlscld91 2.6.32-4-pve #1 SMP Tue Mar 29 09:08:37 CEST 2011 x86_64 GNU/Linux

The fuse (userspace filesystem) module is loaded in the HN:
dlscld91:~# lsmod | grep fuse
fuse                   51198  3

And the CE is aware of it and the loop device:

dlscld91:~# vzctl set 901 --devnodes fuse:rw --devnodes loop0:rw --devnodes loop1:rw --devnodes loop2:rw --devnodes loop3:rw --devnodes loop4:rw --devnodes loop5:rw --devnodes loop6:rw --devnodes loop7:rw --save
Setting devices
Saved parameters for CT 901
dlscld91:~# grep loop /etc/vz/conf/901.conf
DEVNODES="fuse:rw loop0:rw loop1:rw loop2:rw loop3:rw loop4:rw loop5:rw loop6:rw loop7:rw "


===== CONTAINER =====
The CE is a CentOS 5.6 system, also x86_64.  In the container, all
fuse libs and fuse utilities are installed.  When I run truecrypt, I
get an error complaining about a lack of devicemapper support.

[root@dlswww91 ~]# truecrypt -c --encryption=AES --password=test --random-source=/dev/urandom --volume-type=normal --size=20971520 --hash=RIPEMD-160 --filesystem="Linux Ext3" test.dat

Enter keyfile path [none]:

Done: 100.000%  Speed:   21 MB/s  Left: 0 s

The TrueCrypt volume has been successfully created.
[root@dlswww91 ~]# truecrypt --fs-options=users,uid=$(id -u),gid=$(id -g),fmask=0113,dmask=002 --password=test --protect-hidden=no --mount /root/test.dat /mnt/test/
Enter keyfile [none]:
Error: /proc/devices: No entry for misc found
Is device-mapper driver missing from kernel?
Failure to communicate with kernel device-mapper driver.
Command failed

[root@dlswww91 ~]# uname -a
Linux dlswww91.ivenue.net 2.6.32-4-pve #1 SMP Tue Mar 29 09:08:37 CEST 2011 x86_64 x86_64 x86_64 GNU/Linux

The /proc/devices file is indeed empty.


===== QUESTION =====
Is there any possibility to get truecrypt to work inside a container?
I worked through some errors, first with the fuse device not working
and second with the loop device not working.  Both were solved by
solutions found in the openvz forum.  I can create and mount iso
images on loopback, so I know my loop device is working.  After
putting fuse in the DEVNODES list, the fuse error went away.  Now I
just have to figure out how to tell truecrypt that device mapper
support is present.  Now, it's possible that this just can't work
inside a container, in which case we'll fall back to using a KVM VM
instead of an OpenVZ CE for that particular host, but I'd like to use
the much lower overhead OpenVZ if possible.

Regards...       Todd

-- 
If Americans could eliminate sugary beverages, potatoes, white bread,
pasta, white rice and sugary snacks, we would wipe out almost all the
problems we have with weight and diabetes and other metabolic
diseases. -- Dr. Walter Willett, Harvard School of Public Health
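
Added example, not part of the original post: a preflight check for the condition behind the "No entry for misc found" error, assuming the usual libdevmapper behaviour of reading the `misc` major number from /proc/devices and then the `device-mapper` minor number from /proc/misc. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: the two-step lookup assumed to sit behind the error in the post.
# Paths are parameters so the check also runs against saved copies of the files.

# proc_number FILE NAME: print the number listed beside NAME, else fail.
proc_number() {
    [ -r "$1" ] || return 2
    awk -v name="$2" '
        # Entries look like "<number> <name>"; section headers are skipped.
        $1 ~ /^[0-9]+$/ && $2 == name { print $1; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# dm_preflight DEVICES MISC: print "major:minor" for the device-mapper
# control node, or report which of the two lookups came back empty.
dm_preflight() {
    major=$(proc_number "$1" misc) || {
        echo "$1: no entry for misc"
        return 1
    }
    minor=$(proc_number "$2" device-mapper) || {
        echo "$2: no entry for device-mapper"
        return 1
    }
    echo "$major:$minor"
}

# Constructed sample data (not copied from the systems in the post).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'Character devices:\n  1 mem\n 10 misc\n\nBlock devices:\n  7 loop\n' \
    > "$demo/devices.host"
printf ' 57 device-mapper\n229 fuse\n' > "$demo/misc.host"
: > "$demo/devices.ct"   # empty, as the post reports inside the container
: > "$demo/misc.ct"

echo "host-like:      $(dm_preflight "$demo/devices.host" "$demo/misc.host")"
echo "container-like: $(dm_preflight "$demo/devices.ct" "$demo/misc.ct")"

# On a live system: dm_preflight /proc/devices /proc/misc
```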

