
[Caml-list] ANNOUNCE: LSD mount utilities.


ls-ocaml-de...@m-e-leypold.de

Jan 30, 2007, 6:54:35 AM
to caml...@inria.fr

The LSD mount utilities are written in OCaml, so I hope the
announcement is not OT here.

Don't hesitate either to flame me or ask questions if I'm OT or the
utilities don't work as advertised.

Since those need to be SUID programs, help in reviewing them or
discussion of security aspects would be appreciated.

Regards, Markus


_oOo_


About
-----

The LSD mount utilities make it possible to automate the mounting of
encrypted filesystems in Linux with cryptsetup and loopback devices and
enable users (not only root) to mount encrypted filesystems when
appropriate entries have been added to /etc/fstab by root.

The LSD mount utilities are licensed/distributed under the terms
of the GPL Version 2 (no later version). We'll usually be happy though
to relicense under other OS licenses, but you have to ask and get the
licensing change from us in writing.

The LSD mount utilities can be downloaded from

http://software.m-e-leypold.de/lsd-mount-utilities.


What does it do? How does it work?
----------------------------------

In Linux, /sbin/mount calls /sbin/mount.$FSTYPE and /sbin/umount calls
/sbin/umount.$FSTYPE if those programs exist. This leads to the
observation that the filesystem types, either in /etc/fstab or passed
to mount with -t, characterize a mounting mechanism more than a
file system type.

With the LSD mount utilities this mechanism is used to delegate
mounting of encrypted loopback devices to mount.lcrypt which automates
the steps necessary to set up those devices (like: modprobe, losetup,
cryptsetup).

mount.lcrypt, on the other hand, should know the filesystem of the
decrypted device from a mount option. (This does not work yet;
presently all lcrypt devices have the decrypted filesystem type ext2.)


Mounting directly
-----------------

Pass '-t lcrypt' to mount:

    mount -t lcrypt /data/encrypted-image /mnt

You'll be asked for the passphrase.

With fstab / allow user mounting
---------------------------------

Use lcrypt as filesystem type. Use the option 'user' if non-privileged
users should be able to mount the device:

    /data/encrypted-image /secret-mnt lcrypt rw,noauto,user,exec 0 0

Any user can now use

    mount /data/encrypted-image

and is then asked for the passphrase.
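
Added example (not part of the original post or of the LSD mount utilities): a small audit of fstab entries that unprivileged users may mount. Per mount(8), 'user' and 'users' imply noexec,nosuid,nodev and 'owner' and 'group' imply nosuid,nodev unless later options override them, so the order of options decides what a user-mounted image may do. The function name audit_user_mounts, its helper-directory argument and all sample lines except the lcrypt /secret-mnt entry are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the LSD mount utilities.
# Constructed sample input; the /secret-mnt line is the entry from the post.
sample_fstab() {
    cat <<'EOF'
# device              mount point  type    options              dump pass
/dev/sda1             /            ext4    defaults             0 1
/data/encrypted-image /secret-mnt  lcrypt  rw,noauto,user,exec  0 0
/dev/sdb1             /media/usb   vfat    noauto,users         0 0
/data/other-image     /mnt/x       lcrypt  user,suid,dev        0 0
EOF
}

# Reads fstab-format text on stdin. For every entry an unprivileged user may
# mount, prints the effective exec/suid/dev flags and whether an executable
# mount.<type> helper exists in the directory given as $1 (default /sbin).
# Runs in a subshell so that 'set -f' and the IFS change stay local.
audit_user_mounts() (
    helper_dir=${1:-/sbin}
    set -f                                   # no globbing on option words
    while read -r dev mnt type opts _rest; do
        case $dev in ''|'#'*) continue ;; esac
        [ -n "$opts" ] || continue
        case $type in */*) continue ;; esac  # never build a path from a type with '/'
        who='' exec_ok=yes suid_ok=yes dev_ok=yes
        old_ifs=$IFS; IFS=,
        for o in $opts; do                   # options apply left to right
            case $o in
                user|users)  who=$o exec_ok=no suid_ok=no dev_ok=no ;;
                owner|group) who=$o suid_ok=no dev_ok=no ;;
                nouser)      who='' ;;
                exec) exec_ok=yes ;;  noexec) exec_ok=no ;;
                suid) suid_ok=yes ;;  nosuid) suid_ok=no ;;
                dev)  dev_ok=yes ;;   nodev)  dev_ok=no ;;
            esac
        done
        IFS=$old_ifs
        [ -n "$who" ] || continue            # root-only entry: not reported
        helper=no
        [ -x "$helper_dir/mount.$type" ] && helper=yes
        echo "$mnt type=$type via=$who exec=$exec_ok suid=$suid_ok dev=$dev_ok helper=$helper"
    done
)

sample_fstab | audit_user_mounts
```

Entries reported with suid=yes or dev=yes are the ones to review first, since a user-supplied image could then carry set-uid binaries or device nodes.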


ls-ocaml-de...@m-e-leypold.de

Feb 17, 2007, 7:08:50 AM
to caml...@inria.fr


Release 1.3 of LSD mount utilities with mkfs, fsck and LUKS support
___________________________________________________________________

A new version (1.3) of the LSD mount utilities has been released.

- LUKS support has been tested (by Alexander Ulrich) and seems to be OK.

- Basic versions of mkfs.lcrypt and fsck.lcrypt have been added:
  You can now use mkfs to create a file system on your encrypted
  device and fsck to check your file system.

- The file USAGE (see below) is intended to be the beginning of
  a user manual.

LSD mount utilities are written in OCaml.

Regards -- M E Leypold, 16 Feb 2007.


* About
=====

The LSD mount utilities assist in setting up (creating) and
mounting of encrypted loopback file systems in Linux 2.4 and 2.6.

They also enable users (not only root) to mount encrypted
file systems if appropriate entries have been added to /etc/fstab.

The LSD mount utilities are licensed/distributed under the
terms of the GPL Version 2 (no later version). We'll usually be
happy though to relicense under other OS licenses, but you have to
ask and get the licensing change from us in writing.

The LSD mount utilities are available from
http://software.m-e-leypold.de. Read the README file from the
distribution before using the software!

* How to get more information and help
====================================

Information on recent development and plans and updated
documentation will be posted at

http://www.etc-network.de/blog/mel/projects/lsd-mount-utilities

If you need help, have questions concerning the LSD mount
utilities or have suggestions for further implementation you can
write the developer at

development-2006-8e...@AND-THAT-m-e-leypold.de.

I don't guarantee support, but will usually do my best to help.



* How to use (excerpt from USAGE)
===============================

PLEASE DO READ the file USAGE in the distribution. The following
excerpt is only intended to give you a basic idea how things work
with LSD mount utilities (i.e. that they hide all losetup and
cryptsetup stuff from the user).


** Creating an encrypted file system
---------------------------------

Before you can make an encrypted file system you need to create an
image file and preferably fill it with random noise:

    dd if=/dev/urandom of=/secret/image

Given an image file, an encrypted file system can be initialized
with plain mkfs:

    mkfs -t lcrypt /secret/image 10000

The 'blocks' number is optional (you usually can leave it
out). You'll be asked for the passphrase twice.


** Checking an encrypted file system
---------------------------------

An encrypted file system can be checked by passing '-t lcrypt' to fsck:

    fsck -t lcrypt /secret/image

You will, of course, be asked for the passphrase.

If there is an entry in /etc/fstab (see the next sections) which
already gives the type of /secret/image as lcrypt, the '-t lcrypt'
might be omitted:

    fsck /secret/image


** Mounting an encrypted file system
----------------------------------

To mount an encrypted file system you can pass '-t lcrypt' to
mount:

    mount -t lcrypt /data/encrypted-image /mnt

You'll be asked for the passphrase.

If there is an entry in /etc/fstab (see the next sections) which
already gives the type of /secret/image as lcrypt, the '-t lcrypt'
and the mount point might be omitted.

    mount /data/encrypted-image


** Setting up encrypted file systems in /etc/fstab
-----------------------------------------------

Use lcrypt as file system type. Use the option 'user', if
non-privileged users should be able to mount the device:

    /etc/fstab:
    |
    | ...
    |
    | /data/encrypted-image /secret-mnt lcrypt rw,noauto,user,exec 0 0
    |


** Loclean: Clean up loopback devices
----------------------------------

Loclean can only be used by root:

    loclean

and will try to remove all associations with files from loopback
devices (/dev/loop*) that are not currently in use.

ls-ocaml-de...@m-e-leypold.de

Apr 13, 2007, 4:50:06 AM
to caml...@inria.fr

Release 1.4 of LSD mount utilities (minor enhancements)

A new version (1.4) of the LSD mount utilities has been released
(download here: http://software.m-e-leypold.de/lsd-mount-utilities).

This release doesn't add new functionality. Instead parts of the
code have been reorganized in (probably more reliable) reusable
components.

As a side effect

- The installation footprint has been reduced by a factor of ~2.3
  (formerly separate programs have been gathered into a single
  one and switch on the name under which the program is
  installed).

- The tool verbosity is greatly reduced (since we now suppress
  standard error for most of the probing with external tools). To
  get a partial trace of the things happening internally
  (e.g. which external programs are invoked) you can now set the
  environment variable lsd_lama_trace=verbose.

A more detailed description of the utilities can be found at
www.etc-network.de/blog/mel/projects/lsd-mount-utilities/about.html.

Please read the complete README (and specifically the disclaimer)
before installing or using the software.

Regards -- Markus
