Safety of using Zulucrypt via sudo to open container in shared folder?

Hello, I’m running into a permissions related issued with Zulucrypt on Whonix Virtualbox when trying to open a container in a shared folder. I’ve found a workaround, but am unsure it’s a safe one.

I am trying to open an encrypted container that is passed to the workstation VM via a shared folder in VirtualBox. Opening Zulucrypt GUI from the menu (which requires entry of the user password on the workstation), I can navigate through its GUI to the location of the shared folder (/media/testcrypt/testcrypt_container), but when trying to mount it I get the following (permission) error.

“A non supported device encountered, device is missing or permission denied. Possible reasons for getting the error are: 1. Device path is invalid. 2. The device has LVM or MDRAID signature”.

I can open the same container if copied to the disk of the VM with no issues.

I did some research on this problem, and found a thread on linuxquestions (the thread title is ‘trying to use cryptsetup in terminal to create encrypted partitions. zulucrypt won’t work’, I cannot link it directly), which helped me to understand that by default perhaps zuluCrypt is running in mixed mode, where the GUI is running privileged but serving a normal user (which maybe cannot get to the location of the shared folder mount).

The thread suggest running ‘sudo zuluCrypt-GUI’ from a console.

If I do so, I can indeed mount the encrypted container. However, when the window opens to show the files, there is a banner on the file system navigator instance saying: 'Warning: you are using the root account. You may harm your system."

My questions are: does running zuluCrypt in this way, sudo via console to mount a container on a shared drive, and then accessing the files via this root account file system window present any security issues with Whonix? My use case is generally just going to be copy files in and out of the encrypted container; I will not be running any software out of it.

Does having zuluCrypt running elevated present any security threats?

Is there a better way to do this?


That could be difficult. You’d need to master linux access rights. The folder would have to be mounted with a linux user or linux group that has read/write access.

That is really complex. See:

Thank you for the reply. Sounds like this is not simple, and could potentially be an attack surface (sniffing a password for the container would be one I’d like to avoid 100%). I’ll need to think about that and perhaps do some more reading.

I think for now I’ll avoid this; I can always copy a container to the VM and then back to the shared folder. The containerized files get used in other VMs without network access, so there should be little risk there.

Thanks for your reply and your development!

1 Like