Joe, On 29.11.2016 22:42, Joe Richey wrote: > Hi Richard, > > I'm Joe Richey, and I work on Mike's team. We've been playing around > with a few design > ideas regarding a tool for managing filesystem encryption. After going > though some iterations > with Ted, we have a fairly good idea about where to head design wise, > and I'm working on a > design document for it. It's a bit preliminary at this point, but I > can share it if you want. > > Our goal is to have a finished doc by end of Q4 and then get your and > Jaegeuk's feedback. Thanks for your quick response! I hoped you had already some code, but having a decent design document is also nice. I'm eager to read it. Do you also plan to address d/page cache related issues? i.e. when two users are logged into the system user rw is able to see decrypted file names and contents in /home/dags/ if user dags installs a key and accessed a file. Or files in /home/dags/ are still readable even after user dags purged the key. The tool could play games with CLONE_NEWNS to hide directories. To provide a correct "logout" we could expose shrink_dcache_parent() to usespace such that the emerging tool can purge the key and flush the dcache on the encrypted directory. But I fear exposing shrink_dcache_parent() is not a good idea. :-) Just some random ideas... Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
