3 Commits 289dccb342 ... 0668202cf7

Author SHA1 Message Date
  Fabian Peter Hammerle 0668202cf7 readme: fix capitalization 4 years ago
  Fabian Peter Hammerle c12b5be096 readme: document no-new-privileges issue 4 years ago
  Fabian Peter Hammerle 064209602d added changelog 4 years ago
3 changed files with 32 additions and 3 deletions
  1. CHANGELOG.md (17 additions, 0 deletions)
  2. README.md (14 additions, 2 deletions)
  3. mount.sh (1 addition, 1 deletion)

+ 17 - 0
CHANGELOG.md

@@ -0,0 +1,17 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.1] - 2019-04-04
+### Fixed
+- unmount & terminate on SIGTERM
+
+## [0.1] - 2019-03-22
+
+[Unreleased]: https://github.com/fphammerle/docker-reverse-encfs/compare/0.1.1-encfs1.9.5-amd64...HEAD
+[0.1.1]: https://github.com/fphammerle/docker-reverse-encfs/compare/0.1-encfs1.9.5...0.1.1-encfs1.9.5-amd64
+[0.1]: https://github.com/fphammerle/docker-reverse-encfs/releases/tag/0.1-encfs1.9.5
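Review bot: The `## [0.1] - 2019-03-22` heading has no entries under it, and `## [Unreleased]` is empty even though this same commit range adds a Known Issues section to the README. Consider adding an `### Added` entry under `[0.1]` and listing the README documentation under `[Unreleased]`. The tag names in the link references also differ in suffix (`0.1-encfs1.9.5` versus `0.1.1-encfs1.9.5-amd64`), so it is worth confirming both tags exist as written so that the compare links resolve.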

+ 14 - 2
README.md

@@ -24,7 +24,7 @@ A random password will be generated and stored in `/secret/password`.
 
 Set the env var `$ENCFS_PASSWORD_LENGTH` to change its length.
 
-## Access encrypted data
+## Access Encrypted Data
 
 Add `-v /somewhere:/encrypted:shared` to mount the encrypted view of `/plain/*` into the host filesystem.
 
@@ -32,9 +32,21 @@ You may need to disable user namespace remapping for containers
 (dockerd option `--userns-remap`)
 due to https://github.com/moby/moby/issues/36472 .
 
-## Serve encrypted data via rsync ssh server
+## Serve Encrypted Data via Rsync SSH Server
 
 See [examples/rsync-sshd](examples/rsync-sshd/docker-compose.yml)
 
 Grant rsync access to a gpg-encrypted view of the encfs password:
 [examples/rsync-sshd-incl-gpg-enc-pwd](examples/rsync-sshd-incl-gpg-enc-pwd/docker-compose.yml)
+
+## Known Issues
+
+Mount fails with `EPERM / Operation not permitted`
+when enabling `--security-opt=no-new-privileges`.
+
+`fusermount` must run with `uid=0`.
+`no-new-privileges` makes the `setuid` bit ineffective:
+```sh
+$ stat -c '%A %U %G' /bin/fusermount
+-rwsr-xr-x root root
+```
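Review bot: The new Known Issues section stops at the cause and does not tell the reader what to do about it. After the `stat` output, add a sentence stating explicitly whether the container has to be started without `--security-opt=no-new-privileges` or whether another workaround exists, since dropping that option is a hardening trade-off users will want to make knowingly. It would also help to say that the `stat` command was run inside the container, so the path `/bin/fusermount` is not mistaken for a host path.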

+ 1 - 1
mount.sh

@@ -10,7 +10,7 @@ if [ ! -f "$ENCFS_PASSWORD_PATH" ]; then
     [ -f "$ENCFS_SOURCE_CONFIG_PATH" ] && (set -x; rm "$ENCFS_SOURCE_CONFIG_PATH")
 fi
 
-# cave: when $ENCFS6_CONFIG is set, encfs excepts the config to already exist
+# cave: when $ENCFS6_CONFIG is set, encfs expects the config to already exist
 # ERROR fatal: config file specified by environment does not exist: /target/config/encfs6.xml [FileUtils.cpp:246]
 # https://github.com/vgough/encfs/issues/497
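Review bot: While the comment line is being touched, `cave:` is an uncommon abbreviation that some readers will not parse; `caveat:` or `note:` would be clearer. The spelling fix from `excepts` to `expects` is correct, and the comment now matches the quoted error message on the following line.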