
Re: 2.6.1 CryptoAPI woes

>>>>> "Johannes" == Johannes Graumann <graumann@caltech.edu> writes:


Johannes> And on another note: in
Johannes> http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README
Johannes> I read the following: "Don't use a journaling file system on
Johannes> top of file backed loop device, unless underlying file system
Johannes> is journaled and guarantees data=ordered or data=journal."
Johannes> Can anybody comment on whether I can use reiserfs on top of my
Johannes> loopback?

The comment has nothing to do with whether or not your encrypted
filesystem is a journaling filesystem with or without data=ordered.  It
has to do with using a file-backed loop device (versus partition-backed
loop device), where the file is sitting on a journaling filesystem.  If
your loop device is a partition, or is file-based, but sits on top of a
non-journaled filesystem or a journaled filesystem with data=ordered or
journaled, then you can use any filesystem without problems.  (Or, at
least, you won't (shouldn't) run into any problems other than what you
might run into if it were not on a loopback device.)

Basically, if you don't have data=ordered, or data=journaled, any system
crash could completely screw up your entire loopback, rendering it
completely unusable.  If you don't plan on having any system crashes or
hard reboots, I think you can still run a loopback on top of a
non-data=ordered journaled filesystem fairly safely.

reiserfs does not have data=ordered or data=journal semantics by
default.  In order to get this, you must apply Chris Mason's patch, and
recompile the kernel.

ftp://ftp.suse.com/pub/people/mason/patches/data-logging/2.4.20/ and
select your kernel version.  Apply the patches in order.  (Patches for
2.6.x are currently experimental.)  These patches should get merged into
mainline sometime ... soon.  (For some value of "soon".)

You'll also have to add a "data=ordered" or "data=journal" mount
option.  (data=ordered will be the default in some future version.)

Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net.   Encrypted e-mail preferred.
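
The rule in the message above, written as a check over /proc/mounts-style text. This is an added example, not part of the original message or of loop-AES; the list of journaling filesystem types, the sample mount table and all function names are assumptions made for illustration.

```python
import os

# Assumption: filesystem types this check treats as journaling.
JOURNALING = {"ext3", "ext4", "reiserfs", "jfs", "xfs"}

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw,data=ordered 0 0
/dev/hda2 /home reiserfs rw 0 0
/dev/hda3 /srv ext3 rw,data=writeback 0 0
/dev/hda5 /mnt/old ext2 rw 0 0
"""

def parse_mounts(text):
    """Return (mount_point, fstype, options) for each line of /proc/mounts text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts writes a space inside a path as \040.
            mounts.append((fields[1].replace("\\040", " "), fields[2], fields[3].split(",")))
    return mounts

def mount_for(path, mounts):
    """Pick the longest mount point that is a whole-component prefix of path."""
    path, best = os.path.normpath(path), None
    for entry in mounts:
        mnt = entry[0]
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if best is None or len(mnt) >= len(best[0]):
                best = entry
    return best

def classify(backing, mounts, is_block=False):
    """Apply the rule from the message to one loop backing store."""
    if is_block:
        return ("ok", "partition-backed loop device")
    entry = mount_for(backing, mounts)
    if entry is None:
        return ("unknown", "no mount entry covers this path")
    mnt, fstype, opts = entry
    if fstype not in JOURNALING:
        return ("ok", f"{mnt} is {fstype}, not journaled")
    mode = next((o for o in opts if o.startswith("data=")), None)
    if mode in ("data=ordered", "data=journal"):
        return ("ok", f"{mnt} is {fstype} with {mode}")
    if mode is None:
        return ("check", f"{mnt} is {fstype}; no data= option listed, default applies")
    return ("risky", f"{mnt} is {fstype} with {mode}")
```

On a live system, feed `parse_mounts` the contents of /proc/mounts and take the backing path from `losetup -a`. A "check" result means the mount line does not say which data mode is in effect, so the filesystem's default has to be looked up.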
