From: Jaegeuk Kim <jaegeuk@kernel.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [PATCH] f2fs: support access control via key management
Date: Tue, 15 Mar 2016 09:37:25 -0700 [thread overview]
Message-ID: <20160315163725.GA78436@jaegeuk.gateway> (raw)
In-Reply-To: <20160315072422.GB11669@infradead.org>
Hello,
On Tue, Mar 15, 2016 at 12:24:22AM -0700, Christoph Hellwig wrote:
> On Wed, Mar 09, 2016 at 04:52:48PM -0800, Jaegeuk Kim wrote:
> > Through this patch, user can assign its key into a specific normal files.
> > Then, other users who do not have that key cannot open the files.
> > Later, owner can drop its key from the files for other users to access
> > the files again.
>
> No magic file system specific access control, please:
I agree that I must follow FS convention here.
But, in order to make this clear out, could you please elaborate why this is not
allowed?
I wrote this patch totally based on per-file encryption in which users cannot
access their files if they have no right key.
The only difference is that this controls user access with a key only, neither
encrypting file data nor dentries.
This was initiated by UX in android letting nobody be able to access the files
that owner wants to protect by passcode or fingerprint.
Does it make no sense to support this by filesystems?
Thanks,
>
> Nacked-by: Christoph Hellwig <hch@lst.de>
next prev parent reply other threads:[~2016-03-15 16:37 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-10 0:52 [PATCH] f2fs: support access control via key management Jaegeuk Kim
2016-03-10 2:05 ` kbuild test robot
2016-03-10 2:18 ` kbuild test robot
2016-03-15 7:24 ` Christoph Hellwig
2016-03-15 16:37 ` Jaegeuk Kim [this message]
2016-03-21 15:39 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160315163725.GA78436@jaegeuk.gateway \
--to=jaegeuk@kernel.org \
--cc=hch@infradead.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).