On 28/11/2023 00:09, Pocket wrote:
> mount /dev/sdd1 /home/fscrypt
>
> fscrypt setup
>
> fscrypt encrypt /home/fscrypt

I am unsure if it is possible to use fscrypt for a whole filesystem since it needs .fscrypt unencrypted. The ext2 driver might need access to lost+found even when directories are locked. Encrypting a whole partition is a LUKS realm.

As a sanity check, does it work for a subdirectory?

    mkdir /home/fscrypt/tst
    fscrypt encrypt /home/fscrypt/tst

If you are going to create a portable home directory for a specific user then you may face a number of issues. The *login* protector is stored in /.fscrypt, not on the mounted partition, see the fscrypt README.md file. Another problem is locking on logout, because pam_fscrypt locks the directory immediately on logout, but the systemd user session is still running at this moment (UserStopDelaySec=10 in /etc/systemd/logind.conf).

- <https://github.com/google/fscrypt/issues/95>
  Implement automatic unlocking though a systemd service
- <https://github.com/systemd/systemd/issues/8598>
  systemd-user doesn't properly close its PAM session

systemd-homed has another idea of managing per-user encrypted directories, but I have not tried it.
https://systemd.io/HOME_DIRECTORY/
