On 02/13/17 23:41, Theodore Ts'o wrote:
> On Mon, Feb 13, 2017 at 01:57:58PM +0800, Anand Jain wrote:
>> I think any other reason I have for not having file-name encryption is easily
>> overridden by the reason that, if file-name encryption is not optional now,
>> then it would be a regression, because it was indeed optional before, in
>> EXT4.
>
> Are you sure it was optional? If so, when? That would have been a
> bug, because the inductive requirement of the crypto policy was in the
> design from the very beginning of our implementation phase. There may
> have been some design docs that talked about it being optional, but
> they date from before we started thinking about how to protect against
> Evil Maid attacks.

Ok. I can't locate it now. It's confusing.
Similarly, I am corrected about the encryption context not being
a SELinux attr; not sure where I had seen them, it's rather very
confusing.

Thanks, Anand