On 11/28/23 06:27, Max Nikulin wrote:
> On 28/11/2023 18:12, Pocket wrote:
>> Not really looking to encrypt the whole file system. As another
>> project I want to try making the root filesystem mostly read only.
>
> You may mount a partition encrypted using LUKS2 by providing a
> passphrase during initrd stage. It should be more straightforward.
> Fscrypt is necessary to allow different secrets for different
> directories, e.g. per user ones.

Been there done that and have the scars from doing that, I almost bled
to death so I ain't doing that ever again.

> If you are going to create a portable home directory for a specific
> user then you may face a number of issues. *Login* protector is
> stored in /.fscrypt, not on the mounted partition, see the fscrypt
> README.md file.

Not sure if that is entirely the case, as my above method seems to be
working.

> *Login* protector used by pam_fscrypt is a different case.

Well I will see about that when the time comes.
I have a few ideas that may "fix" that, untested at the present time of
course.

--
It's not easy to be me