Linux fuse support

[malcb]

Why does veracrypt fail with "failed to setup loop device /tmp/.veracrypt_aux_mnt1/volume"?

This is on a fuse system with no loop. Veracrypt has already created a test container under fuse. The option to mount at ~/media has been used.

If I employ a hack to enable loop devices then the mount works but I would have thought, given that creating the container under fuse works that the mounting of it should work too so I think this is a bug.

Also, I can find no info on what goes in the Settings->Preferences->Mount Options, File System, Mount Options box, I can find no way to set the default mounting directory in preferences meaning I have to set this every time in the mount options. The default mount position is not allowed as it would require root so it is pain to have to do this every time. Also the mount box does not resize or reposition when option is clicked meaning I have to manually resize and move this box to see the need options.

What would be expect I think is:
1 No need for any loop, just fuse
2 An option to set default mount point inside of user's home directory
3 A option or a default of mounting below the default mount point as or slot number

Without the latter multiple mounts would be overlaid giving an issue with duplicate file names.

Your Environment

Please tell us more about your environment

VeraCrypt version: veracrypt-1.26.18-Debian-12-amd64.deb

Operating system and version: Debian 12

System type: 64-bit

This is a container VM environment so not a full linux. No loop is available only fuse. No dm_crypt is available (I believe) so preferences has the option not to use kernel services ticked so very useful that veracrypt has that option.

[malcb]

FYI findmnt says /tmp/.veracrypt_aux_mnt1/volume is type fuse.veracrypt . It is ~/media , the mount point, that is /dev/loop0.

[malcb]

adding a symbolic link for user home to /media fixes the issue with veracrypt needing root and of course gives the user access to the mounted veracrypt container. That's a reasonable work around for points 2 and 3. With the hack to open loop in the container, and disabling kernel cryptographic services in the preference I can now get veracrypt to work in the container. However, veracrypt breaks the audio (sound output) in the VM. The sound worked prior to veracrypt's install and even removing it and the no longer needed files has not restored sound. I've yet to work out why.

CORRECTION: It was enabling loop devices that broke the sound, so if veracrypt only used fuse sound would not be an issue.

[malcb]

I have a fix, for the benefit of anyone else looking to get veracrypt (or any personal encryption) working on a chromebook with the default linux via crostini here are the steps:

1. Follow the guide here to open up loop devices. The changes to penguin configuration will stick but the final step of mounting devtmpfs and devpts will need to be done every time linux is shut down if you want to use veracrypt so making a script to do this is useful. I'd be wary of having this automatic because it is easy to break the VM. The container changes do not survive restore a backup, in my experience.
2. create symbolic links from user home to /mnt/chromeos/removable and to /media. This will give you and veracrypt access to usb drives and the default volume mount point (/media)
3. Install veracrypt and in veracrypt settings, preferences, tick not to use kernel cryptography

My fix for the sound, on my chromebook, may not work on others, is to install pavucontrol and start this (in background) before mounting devtmpfs and devpts. If you script this then I find you need to add a sleep after starting pavucontrol before mounting else this fix doesn't work. A 3s delay worked for me, likely less would do too. Before install pavucontrol I installed cros-pulse-config. Pavucontrol is a volume control, mixer, etc. for pulse audio so Cros(tini)-Pulse-Configuration seemed like a good idea. It's not an automatic install on my chromebook.