Em um contêiner LXC, preciso colocar dados confidenciais, preferencialmente armazenados em um sistema de arquivos criptografado com criptografia dm.
Quando escrevo
sudo cryptsetup luksFormat --cipher aes-xts-plain --size 512 $MyDocsCryptDir/$MyDocsCryptFile ,
após a caixa de diálogo de confirmação, recebi o erro:
Cannot find a free loopback device.
O LXC é instalado no Ubuntu 12.04 com kernel 3.6.3 de kernel-ppa / mainline - Kernel Ubuntu
Configuração do contêiner:
lxc.network.type=veth
lxc.network.link=lxcbr0
lxc.network.flags=up
lxc.network.hwaddr= 00:16:3e:10:97:12
lxc.network.ipv4 = 10.0.3.11/24
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.arch = amd64
lxc.cap.drop = sys_module mac_admin
lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
#lxc.cgroup.devices.allow = c 4:0 rwm
#lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
#fuse
lxc.cgroup.devices.allow = c 10:229 rwm
#tun
lxc.cgroup.devices.allow = c 10:200 rwm
#full
lxc.cgroup.devices.allow = c 1:7 rwm
#hpet
lxc.cgroup.devices.allow = c 10:228 rwm
#kvm
lxc.cgroup.devices.allow = c 10:232 rwm
lxc.utsname = statystyka
lxc.mount = /var/lib/lxc/statystyka/fstab
lxc.rootfs = /var/lib/lxc/statystyka/rootfs
Você pode tentar permitir que o contêiner use o módulo do sistema (removendo sys_module de ser descartado):
lxc.cap.drop = mac_admin
Talvez também permitindo o uso do bloco de mapeador de dispositivos:
lxc.cgroup.devices.allow = b 252:* rwm
Tags 12.04 encryption luks lxc