[opensuse-security] Exec option for Encrypted Partition
Hello all, How can I set the execute option when mounting an encrypted partition? I am using openSUSE 10.3 and have created an encrypted partition using Yast. In 10.2, I simply added the 'exec' option to /etc/cryptotab. However, in 10.3 encrypted partitons are done using a combination of /etc/crypttab and /etc/fstab files. I have tried adding 'exec' to the appropriate /etc/fstab entry, but that doesn't work. The only way I have found is to remount the partition using the command: sudo mount -o remount,exec /encrypted I have also added the 'exec' keyword to the partitions Addition Options field in Yast->Partitioner. 'exec' appears in the /etc/fstab entry, however it seems to be ignored. Thanks, Alvin --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2008-03-27 at 09:13 -0300, Alvin wrote:
How can I set the execute option when mounting an encrypted partition? I am using openSUSE 10.3 and have created an encrypted partition using Yast.
In 10.2, I simply added the 'exec' option to /etc/cryptotab. However, in 10.3 encrypted partitons are done using a combination of /etc/crypttab and /etc/fstab files. I have tried adding 'exec' to the appropriate /etc/fstab entry, but that doesn't work.
I hadn't noticed before, but you are right. I have one partition mounted via /etc/cryptotab, which is not "noexec": mount: /dev/mapper/cryptotab_loop0 on /cripta type xfs (rw,noatime,nodiratime) The options I use in /etc/cryptotab are: /dev/loop0 /dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15 /cripta xfs twofish256 noatime,nodiratime However, another partition mounted via "/etc/crypttab": mycrypt_mm_f /biggy/crypta_f.mm.x none cipher=twofish-cbc-plain,size=256,hash=sha512,noauto,loop and /etc/fstab: /dev/mapper/mycrypt_mm_f /mnt/crypta.mm.x xfs noauto,user,noatime,nodiratime 1 4 is in fact mounted noexec, and nosuid and nodev: mount: /dev/mapper/mycrypt_mm_f on /mnt/crypta.mm.x type xfs (rw,noexec,nosuid,nodev,noatime,nodiratime) Ie, something is specifying mount options we did not request. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFH6/6mtTMYHG2NR9URAn0eAJoDcW0pgEK32KjjfwvFmpnzRFPmkwCeLWO2 0ecnRwE4Z5ZkkKxWU5esVw4= =kyWh -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Carlos E. R. wrote:
and /etc/fstab:
/dev/mapper/mycrypt_mm_f /mnt/crypta.mm.x xfs noauto,user,noatime,nodiratime 1 4 ^^^^
is in fact mounted noexec, and nosuid and nodev:
mount: /dev/mapper/mycrypt_mm_f on /mnt/crypta.mm.x type xfs (rw,noexec,nosuid,nodev,noatime,nodiratime)
Ie, something is specifying mount options we did not request.
That has nothing to do with crypto partitions. If you specify 'user' as mount option you get exactly those three options as documented in the mount man page. cu Ludwig -- (o_ Ludwig Nussel //\ SUSE LINUX Products GmbH, Development V_/_ http://www.suse.de/ --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (3)
-
Alvin -
Carlos E. R. -
Ludwig Nussel