5

I'm using ecryptfs for an encrypted home directory. I would like to try out the mount option "ecryptfs_xattr" on my encrypted home directory, because it will probably improve performance. Can I specify this option somewhere, and still have it decrypt the home when I log in? (I assume I have to re-create the encrypted home directory, that's no problem)

Marius Bjørnstad
  • 225

1 Answers1

3

First of all, it's extremely doubtful that you'll see a noticeable performance improvement using xattrs for eCryptfs metadata.

As for specifying particular mount options, you can sort of do this using the "ALIAS" feature, which I've documented in the mount.ecryptfs_private manpage. Here, you can add some fstab-style mount options, which can work for other eCryptfs encrypted directories, but unfortunately not $HOME. The reason for this is that if you mangle these options, you could render your $HOME directory unmountable, so we've restricted the options you can tweak for encrypted $HOME. Sorry.

Full disclosure: I'm one of the authors and maintainers of eCryptfs.

Dustin Kirkland
  • 2,573
  • 1
    Thanks for the reply. I thought the performance would improve based on some test in a bug that was originally submitted by me ( https://bugs.launchpad.net/ecryptfs/+bug/988628 ). I actually have some slow drives, but I got great performance using ZFS on dm-crypt. I now run eCryptfs on top of ZFS (no dm-crypt) and there is probably something that confuses the read-ahead logic of ZFS, but it is cached and fast after a few accesses (searches, etc), so it's not a major issue. Thanks for your work on eCryptfs, it is very useful. – Marius Bjørnstad May 28 '12 at 20:57
  • Ah, okay, so based on your model (and the info from my co-maintainer Tyler), I think xattrs are still going to require the same stats and lookups and have the same performance impact. – Dustin Kirkland May 29 '12 at 15:02