On Wednesday, 13 March 2019, 13:58:11 CET, Miklos Szeredi wrote:
> On Wed, Mar 13, 2019 at 1:47 PM Richard Weinberger <richard@xxxxxx> wrote:
> >
> > On Wednesday, 13 March 2019, 13:36:02 CET, Miklos Szeredi wrote:
> > > I don't get it. Does fscrypt try to check permissions via
> > > ->d_revalidate? Why is it not doing that via ->permission()?
> >
> > Please let me explain. Suppose we have an fscrypto directory /mnt and
> > I *don't* have the key.
> >
> > Reading the directory contents of /mnt will return an encrypted filename.
> > e.g.
> > # ls /mnt
> > +mcQ46ne5Y8U6JMV9Wdq2C
>
> Why does showing the encrypted contents make any sense? It could just
> return -EPERM on all operations?

The use case is that you can delete these files if the DAC/MAC permissions allow it.
Just like on NTFS. If a user encrypts files, the admin cannot read them but can
remove them if the user is gone or loses the key.

Thanks,
//richard