Provided by: libpam-mount_2.14-1.1_i386 bug


       mount.crypt - mount a dm-crypt encrypted volume


       mount.crypt [-nrv] [-o options] device directory


       -o options
              Set  further  mount  options.  mount.crypt will take out its own
              options it recognizes and passes any remaining options on to the
              underlying mount program. See below for possible options.

       -n     Do  not  update /etc/mtab. Note that this makes it impossible to
              unmount the volume by naming the container - you  will  have  to
              pass the mountpoint to umount.crypt.

       -r     Set up the loop device (if necessary) and crypto device in read-
              only mode.  (The mount itself will  necessarily  also  be  read-
              only.)   Note   that  doing  a  remount  using  `mount  /mnt  -o
              remount,rw` will not make the mount readwrite.  The  crypto  and
              loop devices will have to be disassociated first.

       -v     Turn on debugging and be a bit more verbose.

Mount options

              Enables  discard passthrough support. This option does not cause
              the filesystem to be mounted  with  discard  enabled,  but  does
              allow fstrim to be manually run.

       cipher The cryptsetup cipher used for the encrypted volume. This option
              is mandatory for PLAIN (non-LUKS) volumes.  pmt-ehd(8)  defaults
              to creating volumes with "aes-cbc-essiv:sha256" as a cipher.

              Select the name for the crypto device (optional). This option is
              currently only usable with dm-crypt systems.

       fsck   Run fsck on the container before mounting it.

              The OpenSSL cipher used for  the  filesystem  key.  The  special
              keyword  "none"  can  be  used to bypass decryption and pass the
              file contents directly to libcryptsetup.

              The OpenSSL hash used for producing key and IV.

       fstype The exact type of filesystem in  the  encrypted  container.  The
              default is to let the kernel autodetect.

       hash   The cryptsetup hash used for the encrypted volume. This defaults
              to no hashing, because pam_mount assumes EHD volumes with strong
              and simple fskey generation.

              The  path to the key file. This option is mandatory for "normal"
              crypto volumes and should not be used for LUKS volumes.

              Causes the filesystem to be remounted  with  new  options.  Note
              that  mount.crypt  cannot  switch the underlying loop device (if
              applies) or the crypto device between read-only  and  read-write
              once  it  is  created;  only  the actual filesystem mount can be
              changed, with limits. If  the  loop  device  is  read-only,  the
              crypto device will be read-only, and changing the mount to read-
              write is impossible.  Similarly, going from rw to ro  will  only
              mark  the  mount  read-only,  but not the crypto or loop device,
              thus making it impossible  to  set  the  filesystem  the  crypto
              container is located on to read-only.

       ro     Same as the -r option.

              Same as the -v option.

Obsolete mount options

       This section is provided for reference.

       loop   This  option used to set up a loop device, because cryptsetup(8)
              expects  a  block  device.  The  option   is   ignored   because
              mount.crypt can figure this out on its own.