I have a container with a shared folder:
devices:
data:
path: /fs
source: /srv/data
type: disk
In the shared directory /srv/data
, there is a subdirectory /srv/data/confidential
, which is an automounted, LUKS-encrypted volume.
At least on the host, not in the container. As I see, the LXC container mounts the data share as /dev/mapper/vg0-data
, not as its directory path /srv/data
. This effectively hides the crypted volume in the container.
I experimented with separate shares and bind mounts, but they all do not play with systemd automount.
Is there anything that can be done?