Hello, I’m running into a permissions related issued with Zulucrypt on Whonix Virtualbox when trying to open a container in a shared folder. I’ve found a workaround, but am unsure it’s a safe one.
I am trying to open an encrypted container that is passed to the workstation VM via a shared folder in VirtualBox. Opening Zulucrypt GUI from the menu (which requires entry of the user password on the workstation), I can navigate through its GUI to the location of the shared folder (/media/testcrypt/testcrypt_container), but when trying to mount it I get the following (permission) error.
“A non supported device encountered, device is missing or permission denied. Possible reasons for getting the error are: 1. Device path is invalid. 2. The device has LVM or MDRAID signature”.
I can open the same container if copied to the disk of the VM with no issues.
I did some research on this problem, and found a thread on linuxquestions (the thread title is ‘trying to use cryptsetup in terminal to create encrypted partitions. zulucrypt won’t work’, I cannot link it directly), which helped me to understand that by default perhaps zuluCrypt is running in mixed mode, where the GUI is running privileged but serving a normal user (which maybe cannot get to the location of the shared folder mount).
The thread suggest running ‘sudo zuluCrypt-GUI’ from a console.
If I do so, I can indeed mount the encrypted container. However, when the window opens to show the files, there is a banner on the file system navigator instance saying: 'Warning: you are using the root account. You may harm your system."
My questions are: does running zuluCrypt in this way, sudo via console to mount a container on a shared drive, and then accessing the files via this root account file system window present any security issues with Whonix? My use case is generally just going to be copy files in and out of the encrypted container; I will not be running any software out of it.
Does having zuluCrypt running elevated present any security threats?
Is there a better way to do this?
Thanks!