On Mon, Sep 05, 2022 at 08:35:17PM -0400, Sweet Tea Dorminy wrote: > From: Omar Sandoval <osandov@xxxxxxxxxxx> > > Creating several new subvolumes out of snapshots of another subvolume, > each for a different VM's storage, is a important usecase for btrfs. We > would like to give each VM a unique encryption key to use for new writes > to its subvolume, so that secure deletion of the VM's data is as simple > as securely deleting the key; to avoid needing multiple keys in each VM, > we envision the initial subvolume being unencrypted. However, this means > that the snapshot's directories would have a mix of encrypted and > unencrypted files. During lookup with a key, both unencrypted and > encrypted forms of the desired name must be queried. > > To allow this, add another FS_CFLG to allow filesystems to opt into > partially encrypted directories. > > Signed-off-by: Omar Sandoval <osandov@xxxxxxxxxxx> > Signed-off-by: Sweet Tea Dorminy <sweettea-kernel@xxxxxxxxxx> Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx> Thanks, Josef
|