SLUG Mailing List Archives
[SLUG] Re: zchroot stable v0.2.5: loopback mounted, luks encrypted, file based chroot guests
- To: SLUG <slug@xxxxxxxxxxx>
- Subject: [SLUG] Re: zchroot stable v0.2.5: loopback mounted, luks encrypted, file based chroot guests
- From: Zenaan Harkness <zen@xxxxxxxxxxxx>
- Date: Tue, 26 Oct 2010 20:55:22 +1100
> "Create and work with loopback mounted, luks encrypted, file based chroot
OK, I finally determined why schroot was not doing as I wanted, and
why zchroot does:

On reading schroot's /etc/schroot/setup.d/05file, I determine:

- schroot's "file" chroot type means "a temporarily zipped file hierarchy"
  - this chroot..tgz file is unpacked, into a directory, like a normal chroot,
    to actually chroot into it to do anything
  - after the job is done, this directory is zipped back up
    (unless a "session" is in play)
- _in contrast_, zchroot's chroot files:
  - are loopback mounted sparse files
  - the file is never 'unzipped' into a directory
  - are luks-encrypted (may use empty pw for throwaway chroots)
  - are installed into an fs which is formatted into the luks/lo sparse file
  - are not zipped (although that could be added, either externally,
    or perhaps as an fs/dm option when formatting the fs in the lo file??)

Now, the zchroot option/type appeals to me. There's no repetitive
unzipping and rezipping each time you mount/umount the chroot, instead
an lo mount + luks mount.

Work TODO: port zchroot as a patch against schroot, providing this new
type of chroot. It really is a different option than those currently
provided by schroot (it has a few types currently supported).
Loopback, luks encrypted, sparse file is ideally just another chroot
type option provided by schroot.

I don't have time to do this right now; I should have in about 2-3 years.

PS: mount --make-rshared / can be quite useful before mounting chroots...
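
Added example, not part of the original post and not zchroot's own code: a sketch of the sparse file + LUKS + filesystem lifecycle the message describes, showing that each use is only an open/mount and umount/close pair. The function names, the mapper name `zguest`, the ext4 choice and the paths are assumptions; privileged commands are only printed unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added illustration; all names and paths here are assumed, not zchroot's.
DRY_RUN="${DRY_RUN:-1}"    # 1 = print privileged commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Sparse backing file: the apparent size is set, no data blocks are written yet.
make_sparse() {            # make_sparse <image> <size, e.g. 2G>
    truncate -s "$2" "$1"
}

# Apparent size vs. bytes actually allocated on disk (GNU stat).
apparent_bytes()  { stat -c %s "$1"; }
allocated_bytes() { echo $(( $(stat -c %b "$1") * $(stat -c %B "$1") )); }

# One-time setup: LUKS header, then a filesystem inside the opened mapping.
create_guest() {           # create_guest <image> <mapper-name>
    run cryptsetup luksFormat "$1"
    run cryptsetup open "$1" "$2"    # cryptsetup attaches a loop device for a file image
    run mkfs.ext4 "/dev/mapper/$2"   # ext4 is an assumed choice
    run cryptsetup close "$2"
}

# Per-use cycle: nothing is unpacked on entry or repacked on exit.
enter_guest() {            # enter_guest <image> <mapper-name> <mountpoint>
    run cryptsetup open "$1" "$2"
    run mount "/dev/mapper/$2" "$3"
    run chroot "$3" /bin/sh
    run umount "$3"
    run cryptsetup close "$2"
}

# Stand-alone demo: ./script demo
if [ "${1:-}" = "demo" ]; then
    img="$(mktemp -d)/guest.img"
    make_sparse "$img" 1G
    echo "apparent=$(apparent_bytes "$img") allocated=$(allocated_bytes "$img")"
    create_guest "$img" zguest
    enter_guest "$img" zguest /mnt/zguest
fi
```

The image grows on disk only as blocks inside the encrypted filesystem are written, so `allocated_bytes` stays well below `apparent_bytes` for a fresh guest.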