Mount with LUKS keyfile & permissions

Question

Mount with LUKS keyfile & permissions

Closed this issue 4 months ago · 7 comments

Hi

So i am attempting to use this awesome project to mount a LUKS partition on macOS
sudo ./linsk_darwin_arm64_v0.2.2 run -l dev:/dev/disk6s1

but I would like to switch to using a keyfile, can this be done with the run command?
also, I get permission denied while trying to modify files in the share, what uid/gid should the folder be (on the mounted filesystem)?

& also, is it possible to attach a shell to a running vm? (which is run by run command)

Edit:
Figured out the user is linsk uid=1000, gid=1000 and the --debug-shell option! but would still be interested if passing a keyfile is supported

i also just noticed memory usage climbs when transferring files to the share
this is likely qemu disk caching if I am right?

or your -h output might be displaying it as KiB instead of MiB
--vm-mem-alloc uint32 Specifies the VM memory allocation in KiB. (the default is 2048 in LUKS mode) (default 512)

Answer 1 · 2024-03-18T14:54:36.000Z

HI,
Same here, can't write on network share (luks btrfs). How can I bypass this?

Answer 2 · 2024-05-06T11:27:30.000Z

Did you find a workaround for the permissions @dejl, if so, can you share it?

Answer 3 · 2024-05-07T13:18:49.000Z

So what's causing this is that /mnt is mounted by root and thus the mountpoint has permissions of root. If you use the --debug-shell stop netatalk, umount /mnt, chown the /mnt to linsk user, add an fstab with user, su into linsk user and then mount /mnt and start netatalk again, it works. But at that point you might as well just run a VM yourself 😆

Answer 4 · 2024-05-13T22:27:37.000Z

The UID/GID of the work user linsk is 1000. You cannot change this without implementing a custom UID/GID as an additional feature.

To access these files, you would first need to adjust their ownership. This can be done by running chown -R 1000:1000 /mnt in the debug console.

As for the key files — this is not supported, and there are no plans to support them in the future. Anyone is free to make a PR, though.

Answer 5 · 2024-05-16T11:41:52.000Z

Wouldn't it make sense to automate this in the linsk run command?

Answer 6 · 2024-05-23T11:21:33.000Z

It does, with a y/n prompt.

Answer 7 · 2024-05-27T10:12:53.000Z

ah I did not get this prompt, probably the users above also did not hence the report.