Subject: Re: fs/crypto: file-name encryption, optional ?
To: "Theodore Ts'o"
References: <86003117-e684-cdc6-567f-a227ddfd7885@oracle.com> <20170209191727.4py6beqfu22xjrsj@thunk.org> <2947c1ee-f3a5-d6f0-aee4-9cbe33df0472@oracle.com> <20170210155630.2z3mi2vjqupdwhma@thunk.org> <20170213154143.hr22u75fstd5fhym@thunk.org>
Cc: Richard Weinberger, linux-fsdevel
From: Anand Jain
Date: Tue, 14 Feb 2017 06:18:09 +0800
In-Reply-To: <20170213154143.hr22u75fstd5fhym@thunk.org>

On 02/13/17 23:41, Theodore Ts'o wrote:
> On Mon, Feb 13, 2017 at 01:57:58PM +0800, Anand Jain wrote:
>> I think my any other reason for not having file-name encryption is easily
>> overridden by the reason that, if file-name encryption is not optional now
>> then, it would be a regression as because it was indeed optional before, in
>> EXT4.
>
> Are you sure it was optional? If so, when? That would have been a
> bug, because the inductive requirement of the crypto policy was in the
> design from the very beginning of our implementation phase. There may
> have been some design docs that talked about it being optional, but
> they date from before we started thinking about how to protect against
> Evil Maid attacks.

Ok. I can't locate it now. It's confusing. Similarly, I am corrected about the encryption context not being an SELinux attr; not sure where I had seen them, it is rather very confusing.

Thanks, Anand