dependabot[bot] 87d444793a build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#13) | hace 2 años | |
---|---|---|
.github | hace 2 años | |
examples | hace 5 años | |
CHANGELOG.md | hace 4 años | |
Dockerfile | hace 5 años | |
README.md | hace 4 años | |
docker-compose.yml | hace 5 años | |
mount.sh | hace 4 años |
Provides an EncFS-enciphered view /encrypted
of volumes mounted in /plain
docker run --rm --device /dev/fuse \
-v plain-data1:/plain/foo:ro \
-v plain-data2:/plain/bar:ro \
-v encfs-password:/secret \
--cap-add SYS_ADMIN --security-opt apparmor:unconfined \
fphammerle/reverse-encfs
Optionally add --network none
docker-compose up
A random password will be generated and stored in /secret/password
.
Set the env var $ENCFS_PASSWORD_LENGTH
to change its length.
Add -v /somewhere:/encrypted:shared
to mount the encrypted view of /plain/*
into the host filesystem.
You may need to disable user namespace remapping for containers
(dockerd option --userns-remap
)
due to https://github.com/moby/moby/issues/36472 .
Grant rsync access to a gpg-encrypted view of the encfs password: examples/rsync-sshd-incl-gpg-enc-pwd
Mount fails with EPERM / Operation not permitted
when enabling --security-opt=no-new-privileges
.
fusermount
must run with uid=0
.
no-new-privileges
makes the setuid
bit ineffective:
$ stat -c '%A %U %G' /bin/fusermount
-rwsr-xr-x root root