-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: support overlayfs on top of a gocryptfs mount #765
Comments
Hmm I did not understand completely. You are trying to use overlayfs on top of gocryptfs? And it doesn't work? What error message do you get? |
The error is related to the metadata being encrypted. overlayfs uses extended meta data to track which files are on the overlay and underlay, so if the metadata is encrypted it doesn't work and refuses to mount. |
For posterity: overlayfs uses user.overlay. or trusted.overlay. xattrs. https://www.kernel.org/doc/html/v6.8/filesystems/overlayfs.html#user-xattr |
What exactly does that mean for users? I'm trying to use anything-sync-daemon to overlay a directory inside my gocrypt mount, which sadly doesn't work. Is it straight up not possible or am I missing something? Sorry for the uninformed question, but I just recently got into gocrypt and the whole overlayfs stuff. According to the Arch wiki it should normally be possible to mount overlay on top of other overlays Edit: After reading the whole manpage of gocrypt using -allow_other fixed it! Although stopping anything-sync-daemon seems to crash the mount (only saying file not found / transport endpoint is not connected). According to journalctl it happens after asd unmounts a overlay inside the mounted gocrypt directory Edit after edit: Ignore this, seems to be a bug within asd itself, bug tracker: graysky2/anything-sync-daemon#86 |
Use case is for snapshots or a readonly filesystem that saves changes separately.
I believe what is needed is an option to not encrypt metadata.
The challenge is that only gocryptfs understands this.
It would make the most sense to build the overlay on the encrypted folder, but when doing so it breaks overlayfs.
The text was updated successfully, but these errors were encountered: