On Tue, Oct 26, 2010 at 00:40:41 +0200, nodata <lsof@xxxxxxxxxxxx> wrote:
>
> My point is that if the disk is encrypted, and the user knows the
> passphrase to access files on the device, then it doesn't make sense to
> let everyone else see what's on the device as well: it only makes sense
> to decrypt the device to the user who knows the passphrase.

The files aren't decrypted to people (at least not yet, but expect a law requiring people to replace their eyes with ones that respect DRM sometime in the future). Once the OS can access the files, you are relying on the OS' security.

> There's an argument that other people will want to see what's on the
> device too. That's fine: the user can opt-in to that. But secure by
> default should be what we're aiming at.

When you mount the file you can attach selinux context to all of the files or set the uid and group ownership to allow the OS to restrict access to the files excepting a compromised system or the user doing something boneheaded. (selinux can make the latter hard to do.)

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel