[Nix-dev] Encrypted partition via loop device, synchronization

James Cook james.cook at utoronto.ca
Sun Nov 15 04:02:29 CET 2015


On 12 November 2015 at 07:17, Sergey Mironov <grrwlf at gmail.com> wrote:
> Hi, List.
>
> I have an idea of setting up a small encrypted partition for storing
> things like passwords, wallets etc. The additional feature I want is
> synchronization: I'd like to use syncthing or rsync or whatever to
> synchronize the encrypted binary file with the whole partition between
> several machines. Of course, I know little about kernel behavior when
> syncing data to disk. I am afraid it is non-atomic so there is a risk
> of damaging partition file during synchronization. But are there any
> technologies which address this issue? Did anybody solve this or
> similar task?
>
> If so, please, drop me a related reading.
>
> Thanks in advance,
> Sergey

Hi Sergey,

It is almost always a bad idea to write to a filesystem's underlying
partition while the filesystem is mounted, especially if it is mounted
read-write. The filesystem drivers tend to assume nothing else is
writing to the partition, and so you could easily lose data this way,
and I wouldn't be surprised if you caused a kernel panic.

It is conceivable it could work if the filesystem is only mounted on
one machine, and the synchronization never writes to that machine,
only reads from it. Or, if you make sure the synchronization only
happens when the filesystem is not mounted.

Also, having the encrypted partition open (e.g. having run cryptsetup
luksOpen) is still probably bad even if it's not mounted.

James
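
An added example (not code from the thread or from either poster) of the rule James gives above, written as a POSIX sh guard: rsync the container image only when no loop device is attached to it, which is the case when it is neither mounted nor opened with cryptsetup. It assumes the util-linux `losetup -j` output format (`/dev/loopN: [dev]:inode (/path/to/image)`) and the `/proc/mounts` layout; the image path and destination are placeholders.

```shell
#!/bin/sh
# Added example: refuse to sync a loop-backed encrypted container while the
# kernel may still write to it. The parsers take their input as text so they
# can be exercised without root or a real loop device.
set -u

# Print the loop devices attached to an image, parsed from `losetup -j IMAGE`
# output (one line per device, e.g. "/dev/loop0: [2049]:1310722 (/x/vault.img)").
loop_devs_from_losetup() {
    printf '%s\n' "$1" | sed -n 's|^\(/dev/loop[0-9][0-9]*\):.*|\1|p'
}

# Return 0 if any line of the mount table ($2, /proc/mounts format) lists one
# of the devices in $1 (newline separated) as its source. This only catches a
# plain `mount -o loop`; a LUKS container mounted through /dev/mapper/NAME
# shows the mapper device as source and is caught by the loop check instead.
devs_mounted() {
    devs=$1; mounts=$2
    for d in $devs; do
        if printf '%s\n' "$mounts" |
           awk -v d="$d" '$1 == d { found = 1 } END { exit !found }'; then
            return 0
        fi
    done
    return 1
}

# Classify an image from losetup and mount-table text. Prints "idle",
# "attached" (loop device present: the container is luksOpen'ed, or mounted
# via dm-crypt) or "mounted" (plain loop mount). Returns 0 only for "idle".
container_state() {
    losetup_out=$1; mounts=$2
    devs=$(loop_devs_from_losetup "$losetup_out")
    if [ -z "$devs" ]; then
        echo idle
        return 0
    fi
    if devs_mounted "$devs" "$mounts"; then
        echo mounted
    else
        echo attached
    fi
    return 1
}

# Live wrapper: sync only while the kernel holds no handle on the image.
# Usage: sync_container /path/to/vault.img peer:/backup/   (placeholders)
sync_container() {
    img=$1; dest=$2
    state=$(container_state "$(losetup -j "$img" 2>/dev/null)" "$(cat /proc/mounts)")
    case $state in
        idle) rsync -a --partial "$img" "$dest" ;;
        *)    echo "refusing to sync $img: container is $state" >&2; return 1 ;;
    esac
}
```

Because `cryptsetup luksOpen vault.img vault` attaches a loop device to the file itself, an empty `losetup -j` result means the container is neither opened nor mounted, which is exactly the state James recommends syncing in; the mount-table check is a second, independent signal for plain loop mounts.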

