No Description

Fabian Peter Hammerle 0668202cf7 readme: fix capitalization 3 years ago
examples 289dccb342 compose example: added docker/moby src refs for mount propagation restriction 3 years ago 064209602d added changelog 3 years ago
Dockerfile da84af088e create mount point /encrypted/encfs during runtime to be able to mount /encrypted 3 years ago 0668202cf7 readme: fix capitalization 3 years ago
docker-compose.yml ad8ee62754 docker-compose: move rsync-sshd to new examples/rsync-sshd/docker-compose.yml 3 years ago c12b5be096 readme: document no-new-privileges issue 3 years ago

Reverse EncFS 🐳

Provides an EncFS-enciphered view /encrypted of volumes mounted in /plain

docker run --rm --device /dev/fuse \
    -v plain-data1:/plain/foo:ro \
    -v plain-data2:/plain/bar:ro \
    -v encfs-password:/secret \
    --cap-add SYS_ADMIN --security-opt apparmor:unconfined \

Optionally add --network none

Docker Compose 🐙

  1. Adapt paths in docker-compose.yml
  2. docker-compose up


A random password will be generated and stored in /secret/password.

Set the env var $ENCFS_PASSWORD_LENGTH to change its length.

Access Encrypted Data

Add -v /somewhere:/encrypted:shared to mount the encrypted view of /plain/* into the host filesystem.

You may need to disable user namespace remapping for containers (dockerd option --userns-remap) due to .

Serve Encrypted Data via Rsync SSH Server

See examples/rsync-sshd

Grant rsync access to a gpg-encrypted view of the encfs password: examples/rsync-sshd-incl-gpg-enc-pwd

Known Issues

Mount fails with EPERM / Operation not permitted when enabling --security-opt=no-new-privileges.

fusermount must run with uid=0. no-new-privileges makes the setuid bit ineffective:

$ stat -c '%A %U %G' /bin/fusermount
-rwsr-xr-x root root