Re: [PATCH RERESEND v9 0/9] fs: interface for directly reading/writing compressed data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, May 18, 2021 at 01:38:08AM -0700, Omar Sandoval wrote:
> Thanks for the detailed response, Ted. I personally don't have a use
> case for reading and writing encrypted data. I only care about skipping
> compression/decompression, but early on it was pointed out that this API
> could potentially also be used for encrypted data. The question at this
> point is: if someone else comes along and solves the problems with
> restoring encrypted filenames, is this interface enough for them to
> restore the encrypted file data? It seems like the answer is yes, with a
> couple of additions to fscrypt. I should've been clearer that I don't
> have concrete plans to do this, I just wanted to leave the door open for
> it so that we don't need a second, very similar interface.

Well, practically speaking, we would need to have a way to extract out
the encrypted file name information; and given that an encrypted file
could have hard links, we need to be able to obtain the encrypted file
name information for the dentry that was used to open that file.  This
arguably should be separate from the encryption information for data
stream itself, so if we want to handwave how we fetch the encrypted
filename info (maybe some magic ioctl, or maybe via using some kind of
magic RWF flag used for reading encrypted directories that are opened
via O_DIRECTORY, which sorta-works like readdir() but also returns
some additional metadata information for each directory entry), sure
it should be possible to use your proposed interface as a starting
point.

I'm not sure we want to try to design all of the details of how to get
the encrypted data plus encryption metadata for the data stream, but
in theory, so long as there is a way to get the encryption metadata,
sure, it could work.  One other approach is to just abuse the xattr
interface, the way we do with Posix ACL's and Capabilities, where the
on-disk format and the format used when we query a file's ACL via the
xattr interface don't necessary have to be identical.  I'm sure that
will result in howls of outrage in some quarters, but this is
something for which we have a precedent.

Cheers,

					- Ted



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux