On 2015-08-04 07:46:50, Richard Weinberger wrote: > Tyler, > > Am 04.08.2015 um 01:07 schrieb Tyler Hicks: > >> Okay, then I'd argument to give my patch a try although it is not the solution > >> to the problem I've reported. :-) > >> If you don't mind I'll resend with a proper changelog. > > > > That patch isn't correct since it assumes that all eCryptfs super blocks > > are equal if the lower paths (and, ultimately, the lower inode) are > > equal. However, the lower path is only one of many properties of an > > eCryptfs superblock. For example, the second mount may have been > > configured to use a different file encryption key. > > How would this work if I mount /foo using AES to /mnt_a > and /foo again using 3DES to /mnt_b? > Wouldn't both ecrytpfs instances kill each other's files? No, they shouldn't. Each file contains metadata that describes the cipher, cipher mode, key signature, etc., that was used to encrypt the file. When the file is initially opened, the process must have the correct key in the keyrings that it has access to. After that requirement has been met, eCryptfs is smart enough to parse the metadata and use the correct cipher and mode. The mount options, such as ecryptfs_cipher, only specify what should be used when creating new files. Tyler
Attachment:
signature.asc
Description: Digital signature
