I would like to keep some secret executable binaries inside a LUKS partition.

This partition is not mounted automatically at boot, but only manually at certain moments. I would like a directory /media/user/luksdisk/bin contained in the LUKS partition to be added to the system PATH automatically after it is mounted.

I would also like any binary link names to be unreadable when the partition is unmounted.

UndercoverDog
stefcud

1 Answer

There are some issues with this that will prevent it from working. Here are the issues, and some possible alternate solutions.

  • PATH is an environment variable, which is separate in the memory of each executable. You can only change future paths, not ones in currently existing processes. (But the process can change its own path, e.g., a shell.)

  • You can just put that directory (or a symlink to it) in your path and it will always be there. However, most shells hash the executables in the path, so you'd have to tell the shell to rebuild that (hash -r in bash) after mounting. Note that probably only interactive shells have an issue with this, and normal executables should search every directory in the path every time.

  • As an alternative, you could populate the bin directory under the mount point with fake things or things similar to what is in the LUKS partition (but not secret), so that the shell hashes them, and then it will run the secret alternative when the LUKS volume covers the mount point. You might want to choose a less obvious path for mounting it though.

user10489
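The points in the answer above can be combined into a shell function that is sourced into the interactive shell and called there after mounting or unmounting. This is an added example, not part of the original answer: the function names are hypothetical, the paths are the ones from the question, and appending the directory (rather than prepending it) is a choice made here so that it cannot shadow system commands.

```shell
# Added example. Source this file from ~/.bashrc (or another shell rc file);
# it must run inside the interactive shell, because a child process cannot
# change the PATH of its parent.
LUKS_MNT="${LUKS_MNT:-/media/user/luksdisk}"   # mount point from the question
LUKS_BIN="${LUKS_BIN:-$LUKS_MNT/bin}"

# True only when a filesystem is really mounted there (util-linux mountpoint).
is_mounted() { mountpoint -q "$1"; }

# Print PATH string $1 with every occurrence of directory $2 (and any empty
# entries, which mean "current directory") removed.
path_without() {
    _out=""
    _rest="$1:"
    while [ -n "$_rest" ]; do
        _dir="${_rest%%:*}"
        _rest="${_rest#*:}"
        if [ -n "$_dir" ] && [ "$_dir" != "$2" ]; then
            _out="${_out:+$_out:}$_dir"
        fi
    done
    printf '%s\n' "$_out"
}

# Bring PATH in line with the current mount state, then drop the shell's
# cached command locations so newly visible (or vanished) binaries are found.
luks_path_sync() {
    _clean=$(path_without "$PATH" "$LUKS_BIN")
    if is_mounted "$LUKS_MNT" && [ -d "$LUKS_BIN" ]; then
        PATH="$_clean:$LUKS_BIN"   # appended: cannot shadow system tools
    else
        PATH="$_clean"             # unmounted: no stale entry left in PATH
    fi
    export PATH
    hash -r
}
```

Only the shell that calls luks_path_sync and processes started from it afterwards see the new PATH; other already-running processes keep theirs.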