Re: [PATCH] xfs_io: implement 'set_encpolicy' and 'get_encpolicy' commands

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Dec 14, 2016, at 6:07 PM, Eric Biggers <ebiggers3@xxxxxxxxx> wrote:
> 
> Hi Eric,
> 
>> On Wed, Dec 14, 2016 at 05:45:49PM -0600, Eric Sandeen wrote:
>>> On 11/28/16 4:18 PM, Eric Biggers wrote:
>>> Add set_encpolicy and get_encpolicy commands to xfs_io so that xfstests
>>> will be able to test filesystem encryption using the actual user API,
>>> not just hacked in with a mount option.  These commands use the common
>>> "fscrypt" API currently implemented by ext4 and f2fs, but it's also
>>> under development for ubifs and planned for xfs.
>>> 
>>> Note that to get encrypted files to actually work, it's also necessary
>>> to add a key to the kernel keyring.  This patch does not add a command
>>> for this to xfs_io because it's possible to do it using keyctl.  keyctl
>>> can also be used to remove keys, revoke keys, invalidate keys, etc.
>> 
>> What is the standard utility for doing this?  I ask because while
>> xfs_io does operate on non-xfs filesystems, this may be the first dedicated
>> command proposed for xfs_io which isn't actually useful on xfs itself.
>> And that seems a little out of place to me at this point.
>> 
>> If it's just for the purpose of facilitating fstests, we do have some
>> single-purpose helpers in src/ in the xfstests repo, as well.
>> 
> 
> The new xfs_io commands are indeed only intended for xfstests.  My original
> proposal was to add a fscrypt_util program to xfstests, but Dave Chinner said
> the commands should be added to xfs_io instead and that it's planned to
> eventually make XFS support the encryption API too.

Oh - I'm sorry I missed that discussion.  I guess I won't argue with Dave on that point, then.  :)
> 
> set_policy and get_policy commands are also available in 'e4crypt', which is
> part of e2fsprogs.  There is also a common userspace utility called 'fscrypt'
> being designed to replace e4crypt.  However, neither of these programs are
> intended to simply expose the raw ioctls.  Therefore, not everything I am
> testing in the new xfstests could be tested with them.
> 
Ok, thanks for the info.  I'll get it reviewed.

Eric

> Eric
> --
> To unsubscribe from this list: send the line "unsubscribe fstests" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-xfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux