I have a container with a shared folder:
devices: data: path: /fs source: /srv/data type: disk
In the shared directory
/srv/data, there is a subdirectory
/srv/data/confidential, which is an automounted, LUKS-encrypted volume.
At least on the host, not in the container. As I see, the LXC container mounts the data share as
/dev/mapper/vg0-data, not as its directory path
/srv/data. This effectively hides the crypted volume in the container.
I experimented with separate shares and bind mounts, but they all do not play with systemd automount.
Is there anything that can be done?