Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "Theodore Y. Ts'o" <tytso@xxxxxxx>, linux-fscrypt@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-ext4@xxxxxxxxxxxxxxx, linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx, linux-mtd@xxxxxxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, keyrings@xxxxxxxxxxxxxxx, Paul Crowley <paulcrowley@xxxxxxxxxx>, Satya Tangirala <satyat@xxxxxxxxxx>
Subject: Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
From: Eric Biggers <ebiggers@xxxxxxxxxx>
Date: Thu, 1 Aug 2019 11:46:47 -0700
In-reply-to: <20190801183554.GA223822@gmail.com>
Mail-followup-to: "Theodore Y. Ts'o" <tytso@xxxxxxx>, linux-fscrypt@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx, linux-ext4@xxxxxxxxxxxxxxx, linux-f2fs-devel@xxxxxxxxxxxxxxxxxxxxx, linux-mtd@xxxxxxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, linux-crypto@xxxxxxxxxxxxxxx, keyrings@xxxxxxxxxxxxxxx, Paul Crowley <paulcrowley@xxxxxxxxxx>, Satya Tangirala <satyat@xxxxxxxxxx>
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Aug 01, 2019 at 11:35:56AM -0700, Eric Biggers wrote:
> 
> "fscrypt lock" actually doesn't exist yet; it's a missing feature.  My patch to
> the fscrypt tool adds it.  So we get to decide on the semantics.  We don't want
> to require root, though; so for v2 policy keys, the real semantics have to be
> that "fscrypt lock" registers the key for the user, and "fscrypt unlock"
> unregisters it for the user.
> 

I meant the other way around, of course: "fscrypt unlock" registers the key for
the user, and "fscrypt lock" unregisters it for the user.

- Eric

References:
- [PATCH v7 00/16] fscrypt: key management improvements
  - From: Eric Biggers
- [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Eric Biggers
- Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Theodore Y. Ts'o
- Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Eric Biggers
- Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Eric Biggers
- Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Theodore Y. Ts'o
- Re: [f2fs-dev] [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Eric Biggers
- Re: [f2fs-dev] [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Theodore Y. Ts'o
- Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
  - From: Eric Biggers

Prev by Date: [PATCH v10 7/7] mm,thp: avoid writes to file with THP in pagecache
Next by Date: Re: [PATCH v9 04/18] kunit: test: add kunit_stream a std::stream like logger
Previous by thread: Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
Next by thread: Re: [PATCH v7 07/16] fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]