Alright, the loopback device FAQ is now considered "1.0". If you see a glaring error, PM me.
Mounting ISO files, encrypting hard drives, and other applications of the Linux Loopback Device
One of the most useful features of Linux is the Loopback device. This is a function of the Linux kernel that lets you do things like mount ISO files without burning it to a CD,
create an encrypted filesystem, hide a filesystem with steganography, create initialization RAM disks for boot CDs and floppies, and much, much more. This FAQ will tell you
how to use it.
There are two ways to create a loopback device. The simplest is using
mount with the
-o loop switch, and more complex things can be done with
losetup.
The former just lets you mount a filesystem that resides within a normal file, such as an ISO, whereas the latter lets you do things like encryption.
In this FAQ, I will tell you how to do three things using the loopback device:
1. Mount an ISO file without burning it to a CD
2. Create a simple filesystem within a file
3. Create a simple encrypted hard drive partition
First, however, you need to have loopback support in the kernel. The kernels included in almost every distro out there either have support built in, or available as a module. If
you get errors when trying the commands below, try running
modprobe loop as root. If that produces an error, you will most likely need to compile a new kernel. Whilst
going through the configuration options, ensure that you enable "Loopback Device Support" in the Block Devices section.
Another thing you might want to recompile your kernel for is to apply the crypto patch. In addition to other things, this allows you to use far stronger encryption methods on
the loopback device. If I understand correctly, the best you can do without it is XOR encryption, which is easier to crack than an egg. I will elaborate on this at the end of the
FAQ.
Now, with that out of the way, on to the application examples.
Mounting an ISO without buring it to a CD
This is, by far, the thing I miss most when I am forced to use windows. With a single command, you can mount an ISO file directly off of the hard drive, as if it were a CD.
The command to do this is:
mount -o loop -t iso9660 filename /mnt/cdrom
Explanation:
mount: Involks the mount command.
-o loop: Specifies that the option "loop" be passed to mount. This tells it to attach the specified file to a loopback device, and the mount that automaticly.
-t iso9660: Specifies that the ISO-9660 filesystem is being used. mount can detect this by itself, but I always specify it anyway.
filename: This tells mount what file to mount.
/mnt/cdrom: The mount point that will be used. This can be any directory. /mnt/cdrom and /cdrom are considered the standard places to mount CDs, so that's what I
use.
When you are done with it, unmount it using this command:
umount -d /mnt/cdrom
Explanation:
umount: Involks the umount command.
-d: Tells umount to free the loopback device. You can omit this, but the loopback device that was used will remain bound to the file.
/mnt/cdrom: The mount point you used.
Note that this is not limited to ISO files, you can use this procedure for any filesystem embedded in a file, just substitute iso9660 with the correct filesystem. More information
on that in the next example.
Creating a filesystem within a file
There are many reasons why you may want to create a filesystem within a file. Maybe you want seperate filesystems for /home, /usr, /var, and so on without messing
around with setting up partitions. Maybe you want to create a RAM disk for a boot floppy or CD. Maybe you want to test a filesystem utility you're writing. That does not
matter. Regardless of why you're doing it, it is a pretty easy thing to do. Here's the procedure:
1. Create a blank file of the needed size using dd:
dd if=/dev/zero of=filename bs=1M count=size
Explanation:
dd: Runs the dd command.
if=/dev/zero: Tells dd that the data source is /dev/zero, which is a "device" that just spits out zeroes.
of=filename: Tells dd to create a file called
filename.
bs=1M: Tells dd to create the file in 1 MB blocks. This can be anything, but using a value like this makes it easier to figure out what to specify for count=.
count=size: Tells dd to copy
size blocks, whose size is specified in the bs= parameter.
Example for a 800 megabyte file called loopfile:
dd if=/dev/zero of=loopfile bs=1M count=800
2. Create a filesystem in the file. The command varies widely based on what filesystem you use, but most are of the format
mkfs_tool_name filename. Here's an
example for Ext3:
mke2fs -j filename
Explanation:
mke2fs: Runs mke2fs, the program that creates ext2 and ext3 filesystems.
-j: Stands for
journal. Tells mke2fs to make an ext3 filesystem.
filename: The name of the file you made with dd in step 1.
3. Mount the filesystem. The command for this is exactly the same as the one used to mount an ISO file as explained above, except you replace
iso9660 with the type
of filesystem you created in step 2. The same is true for unmounting.
Encrypting a hard drive partition
This is where you can see just how useful the loopback device can be. Using a fairly simple series of commands, you can create an encrypted volume to store your
pr0^H^H^Hfinancial records and other sensitive material. Note that it does not have to be a hard drive partition, you can make a blank file with dd and use that if you want
to, but it seems to me that a seperate hard drive partition is better for this. Anyway, here's how to do it:
1. Make a blank partition if you haven't done so already.
2. Use losetup to bind the partition to a loopback device with encryption. Depending on what kind of crypto you want to use, and any other options you might want to use,
this command varies, but here's an example:
losetup -e xor /dev/loop0 /dev/sda1
Explanation:
losetup: Runs losetup, the program that controls loopback devices.
-e xor: Tells it to use XOR encryption.
/dev/loop0: Tells it what loopback device to use. There are 8 you can use, ranging from loop0 to loop7.
/dev/sda1: Tells it that the data is to be stored on the first partition of the first SCSI hard drive. Replace this with the device or file the data will reside upon.
When you run this, you will be asked for a password.
3. From now on, just use /dev/loop0 where you would normally use /dev/sda1 (or whatever you used), as it works just like a normal hard drive partition.
4. When you are done with it, run
losetup -d /dev/loop0 to detatch it. When you need to access it again, just repeat step 2.
Note, however, that XOR encryption isn't very tough. As I said at the beginning of this FAQ, to get stronger encryption methods, such as twofish and aes, you need the
crypto patch for the kernel, and you also need a patched version of losetup from the util-linux package. Here's how to set that up:
1. Download the crypto patch. It is called "patch-int-
kernelversion.
patchversion.bz2" and can be found at any kernel.org mirror, in the
/pub/linux/kernel/people/hvr/testing directory. At the time of writing, the latest one is
patch-int-2.4.19.2.bz2.
2. Switch to your kernel source directory. This source must be clean to apply the patch, so run
make mrproper. Note that this will delete your .config, so put it somewhere safe, like /usr/src or your home directory.
3. Apply the patch. This command assumes that you downloaded the bzip2 compressed patch, and it is in the directory above the source directory.
bzcat ../patch-int-2.4.19-2.bz2 | patch -p1
4. Copy your .config back into the kernel source directory, and then run your favorite kernel configurator.
5. Enable CryptoAPI support, all the message digest algorithims, any ciphers you want (No harm in enabling all of them), and Loop crypto support (under crypto devices).
6. Before you run make dep, you need to apply the cryptoloop patch. It can be found in the same place as the crypto patch, and is named "cryptoloop-
version.tar.bz2". Latest as of time of writing is
cryptoloop-0.0.1-pre1.tar.bz2. Download and extract it, then enter its directory.
7. Patch the kernel.
make patch-kernel KDIR=/kernel/source/directory LOOP=jari
8. Switch back to the kernel directory, and then compile and install it as normal.
You now have a kernel with CryptoAPI. However, as the README indicates, you need a patched losetup utility to take full advantage of it. Here's how to get that:
1. Download the util-linux source code if you don't already have it. It can be found at any kernel.org mirror, in the
/pub/linux/utils/util-linux directory. The filename is "util-linux-
version.tar.bz2". Latest at time of writing is
util-linux-2.11w.tar.bz2. Save it somewhere and unpack it.
2. Download the patch. It too can be found at any kernel.org mirror, in the
/pub/linux/kernel/people/hvr/util-linux-patch-int directory. Filename is "util-linux-
version.patch.bz2". Get the one whose version is closest to the util-linux package you downloaded.
3. Switch to the util-linux source code directory, and apply the patch. Assuming the patch is in the directory above the util-linux source, the command is:
bzcat ../util-linux-2.11r.patch.bz2 | patch -p1
4. Compile it.
./configure && make
5. Install losetup and its man page.
cp mount/losetup /sbin/losetup && chown root.root /sbin/losetup && cp mount/losetup.8 /usr/man/man8/losetup.8
Done! Now, read
man losetup to learn how to use the new feaures you just added to losetup.
I hope this FAQ has been informative.
-Electrode