From: Eric Biggers <ebiggers@google.com>
To: Anand Jain <anand.jain@oracle.com>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Joe Richey <joerichey@google.com>
Subject: Re: fs/crypt ioctl and attr
Date: Mon, 6 Feb 2017 15:31:22 -0800 [thread overview]
Message-ID: <20170206233122.GA60086@google.com> (raw)
In-Reply-To: <658bd54a-ff84-3e15-872d-10b60740729f@oracle.com>
Hi Anand,
On Tue, Feb 07, 2017 at 07:19:00AM +0800, Anand Jain wrote:
>
> Hello,
>
> As I understand the usage of
>
> EXT4_IOC_SET(GET)_ENCRYPTION_POLICY
>
> and as the policy is set per inode and stored as an attribute,
> any reason that - it should be a selinux attribute in specific ?
> and setfattr / getfattr wasn't used instead of the above ioctl ?
>
> IMO, if its attribute its better to have it read/writable
> using the generic tools such as set(get)fattr. ?
>
> Thanks, Anand
The xattr which stores the fscrypt_context, which is the on-disk equivalent of a
fscrypt_policy, is not exposed through the extended attributes syscalls such as
getxattr() and setxattr(). This is by design, for various reasons.
First, there are specific rules around when and how userspace may enable
encryption. For example, encryption can only be enabled on an empty directory,
it's not supported to "unencrypt" an encrypted file or directory in-place,
filesystems may require setting an inode flag when the fscrypt_context is
created, filesystems may require that a superblock flag has been enabled first,
and only specific encryption modes and flags are currently supported and
therefore other ones should be rejected.
Also, it's helpful to decouple the structure passed into the API from the
on-disk representation, for various reasons but currently mainly because the
on-disk xattr includes a nonce, which is generated by the filesystem using
get_random_bytes(). It's not a good idea to force userspace to generate the
nonce because then every program using the API has to get it right, instead of
just the filesystem.
Eric
next prev parent reply other threads:[~2017-02-06 23:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-06 23:19 fs/crypt ioctl and attr Anand Jain
2017-02-06 23:31 ` Eric Biggers [this message]
2017-02-07 5:55 ` Anand Jain
2017-02-07 7:34 ` Eric Biggers
2017-02-07 9:52 ` Anand Jain
2017-02-08 2:41 ` Theodore Ts'o
2017-02-08 4:36 ` Darrick J. Wong
2017-02-08 14:21 ` Theodore Ts'o
2017-02-08 18:55 ` Darrick J. Wong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170206233122.GA60086@google.com \
--to=ebiggers@google.com \
--cc=anand.jain@oracle.com \
--cc=joerichey@google.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).