New feature; add encrypt-at-rest

When a jail is encryted at rest using 'encfs' we detect that and ask for a password upon starting the jail. This sounded like a neat little idea which ended up taking nearly 4 days to do... EncFS needs to be running as root, as it is a FUSE system and it will actually stop root from reading/writing files if it is running as a user. It also is very picky about not running in a namespace, it manages to hang indefinitely otherwise where a shutdown can't complete because the process doesn't want to die :-) So, it runs as root, takes the password via a pipe and we have a watchdog proces to kill it when the jail is shut down.
2024-05-17 11:39:44 +02:00
parent 4c1505b8fa
commit d046c171f6
10 changed files with 266 additions and 17 deletions
@@ -5,7 +5,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON)
 set(CMAKE_AUTOMOC ON)
 set(CMAKE_CXX_STANDARD 17)

-find_package(Qt6 COMPONENTS Core DBus REQUIRED)
+find_package(Qt6 COMPONENTS Core Widgets DBus REQUIRED)

 # starting with Qt5.15 we have a lot of deprecation warnings,
 # likely to make porting to Qt6 easier.
@@ -24,7 +24,7 @@ set (SERVER_SOURCES
 )

 add_executable(isolation_runner ${SERVER_SOURCES})
-target_link_libraries(isolation_runner Qt6::Core Qt6::DBus)
+target_link_libraries(isolation_runner Qt6::Core Qt6::DBus Qt6::Widgets)

 if ("$ENV{HOME}" STREQUAL "/root") # hacky way to know if we're root.
    # setuid is needed, we can apply that when root installs it.