[dm-crypt] concurrency

Arno Wagner arno at wagner.name
Sat Mar 26 21:06:10 CET 2016


in order to have a shared filesystem work, you need, well,
a shared filesystem! Do not under any circumstances share
the block-device or the LUKS-remapped decrypted block
device. I suspect you do soemthing like that, because
otherwise the question would not even arise. 

The rigth way to do this is 
  raw-block-device -> LUKS decrypted block device -> Filesystem
  -> export of that filesystem, e.g. via NFS.

(last two steps possibly one with other network filesystyems)

Of course, NFS (or the network filesystem of your choice)
has some transactional assurances and is missing others.
For example, on NFS, nothing is atomic, except locks 
or rename operation (as far as I remember).

But if you do follow the right layering, what you have is
not a LUKS problem at all, but something stemming from the
filesystem layer and possibly wrong assumptions about the 
assurances it offers.


On Sat, Mar 26, 2016 at 15:50:10 CET, Hugh Bragg wrote:
> Should I be able to use Luks concurrently on a shared filesystem from
> different computers?
> Attempts so far have failed with writes not being seen from the other
> computer until both computers remount the filesystem or reboot.
> Specifically, virtualbox shareable disks and shared folders, but
> potentially, any nfs/cloud storage.
> Am I missing something or is there another tool for this case?
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier

More information about the dm-crypt mailing list