I would like to use Encfs to encrypt a copy of / for a backup by using the reverse option and then running my backup tool on the virtual, encrypted filesystem. Whenever I back up through other tools (rsync for example), they have an option to not cross filesystem boundaries.
Is there an equivalent option in Encfs? Or would such attributes pass through to the encrypted version, and I should just run my backup tool with the one filesystem option?
I have been looking for an answer to the same question, and I am afraid the answer is nope, this is not (yet) possible with encfs.
The closest I found was this bug report: https://code.google.com/p/encfs/issues/detail?id=9
encfsctl encode is also capable of encrypting single files, but that's an overkill for excluding other filesystems (or even single files).
I think you can remount root, somewhere else (with out its sub-mounts. Then run encfs on that.
sudo mount --bind / root
will mount / onto directory root, with no sub-mounts. You can then use encfs in reverse mode to do what you want.
Note however that it is a lot of effort to encrypt and backup the files that are in your distros repositories. You could consider other alternatives: back up etc (use etc-keeper and backup the repo). Look into good backup policies for backing up Unix machines, there is good separation between what needs backing up, and what you can get from your distributor's CDs, and what changes so frequently that a backup will be out of date (so other measures are needed).
