Puffy's Encrypted Container Manager - A tool for simplifying secure virtual devices in OpenBSD

lotus df018a7e15 Removed requirement to run entire script as root. Now only the lines that need root run doas for each command. Quoted more variables. Added more comments. Version bump. Updated README and man page. 6 months ago

pecm

Motivation

I use the ctmg tool written by Jason Donenfeld (aka zx2c4) on my Linux machines. I wanted a tool like ctmg for OpenBSD. This tool requires that you have doas configured.

doas configuration

# if you haven't already, add a line like this to /etc/doas.conf
# (it allows user BobBoblaw to execute superuser commands)
permit persist BobBoblaw

Installation

Simply run:

doas make install

# to uninstall
doas make uninstall

There are no dependencies, but this tool only works for OpenBSD.

Usage

pecm new 1000 MB
pecm open container.ct # (pecm expects your container to have the .ct extension at runtime)
pecm list
pecm close container

Differences from ctmg

  • Does not create sparse containers
  • Does not include the 'delete' flag (I'll let you type rm)
  • Currently spaces in container names are not supported (working on refactoring)

Limitations

With the generic kernel you can only have 4 virtual devices open at once. You have to compile a custom kernel to change this value. See the vnd(4) man page for more info.
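
A pre-flight check for the four-device limit described above, as an added example that is not part of pecm: these shell functions read `vnconfig -l` output on stdin and report which vnd slots are free and which file backs each configured one. The function names and the sample listing are constructed, and the line format is assumed to be the one OpenBSD's vnconfig(8) prints.

```shell
#!/bin/sh
# Added example (not part of pecm): summarise vnd(4) slot usage from
# `vnconfig -l` output read on stdin.

# Constructed sample of `vnconfig -l` output on a GENERIC kernel (4 slots).
SAMPLE='vnd0: covering /home/bob/work.ct on sd1a, inode 415872
vnd1: covering /home/bob/mail.ct on sd1a, inode 415873
vnd2: not in use
vnd3: not in use'

# Print the names of unconfigured vnd devices, one per line.
vnd_free() {
    awk '/^vnd[0-9]+: not in use$/ { sub(/:$/, "", $1); print $1 }'
}

# Print "device<TAB>backing file" for each configured device.
# The path is cut out by pattern, so file names with spaces survive.
vnd_used() {
    awk '/^vnd[0-9]+: covering / {
        dev = $1; sub(/:$/, "", dev)
        path = $0
        sub(/^vnd[0-9]+: covering /, "", path)
        sub(/ on [^ ]+, inode [0-9]+$/, "", path)
        printf "%s\t%s\n", dev, path
    }'
}

# Print the first free device and succeed, or fail if every slot is taken.
vnd_first_free() {
    dev=$(vnd_free | head -n 1)
    [ -n "$dev" ] && printf '%s\n' "$dev"
}

# On OpenBSD the input would come from: doas vnconfig -l
# (assumption: listing the devices needs root on a default install)
printf '%s\n' "$SAMPLE" | vnd_used
printf '%s\n' "$SAMPLE" | vnd_first_free || echo "no free vnd device" >&2
```

Running the check before opening another container shows whether a slot is available, and the `vnd_used` listing shows which container files are currently attached.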

License / Disclaimer

This project is licensed under the 3-clause BSD license. (See LICENSE.md) I take no responsibility for you blowing stuff up. Artwork courtesy of freepik (CC 3.0 BY)