Re: [RFD] Common userspace tool for fscypto

2016-12-02 Thread Eric Biggers
On Wed, Nov 30, 2016 at 09:27:28AM +0100, Richard Weinberger wrote: > > BTW: This limitations needs to be clearly documented somewhere. > Usually an user thinks that only she can access encrypted files... > > Thanks, > //richard For what it's worth, I've been making a few updates to the public d

Re: [RFD] Common userspace tool for fscypto

2016-11-30 Thread Theodore Ts'o
On Tue, Nov 29, 2016 at 10:59:28PM +0100, Richard Weinberger wrote: > Thanks for your quick response! > I hoped you had already some code, but having a decent design document > is also nice. I'm eager to read it. To be clear, the design document which Joe is working on is only addressing a new way

Re: [RFD] Common userspace tool for fscypto

2016-11-30 Thread Richard Weinberger
Eric, On 30.11.2016 01:04, Eric Biggers wrote: > On Tue, Nov 29, 2016 at 10:59:28PM +0100, Richard Weinberger wrote: >> >> Do you also plan to address d/page cache related issues? >> i.e. when two users are logged into the system user rw >> is able to see decrypted file names and contents in /home

Re: [RFD] Common userspace tool for fscypto

2016-11-29 Thread Eric Biggers
On Tue, Nov 29, 2016 at 10:59:28PM +0100, Richard Weinberger wrote: > > Do you also plan to address d/page cache related issues? > i.e. when two users are logged into the system user rw > is able to see decrypted file names and contents in /home/dags/ > if user dags installs a key and accessed a f

Re: [RFD] Common userspace tool for fscypto

2016-11-29 Thread Richard Weinberger
Joe, On 29.11.2016 22:42, Joe Richey wrote: > Hi Richard, > > I'm Joe Richey, and I work on Mike's team. We've been playing around > with a few design > ideas regarding a tool for managing filesystem encryption. After going > though some iterations > with Ted, we have a fairly good idea about whe

Re: [RFD] Common userspace tool for fscypto

2016-11-29 Thread Joe Richey
Hi Richard, I'm Joe Richey, and I work on Mike's team. We've been playing around with a few design ideas regarding a tool for managing filesystem encryption. After going though some iterations with Ted, we have a fairly good idea about where to head design wise, and I'm working on a design documen

Re: [RFD] Common userspace tool for fscypto

2016-11-29 Thread Richard Weinberger
Michael, On 19.10.2016 19:36, Michael Halcrow wrote: >> That said, what about implementing such a tool as part of util-linux to >> control >> fscrypto? We (David and I) would volunteer. > > While discussing several changes we have staged for release (we're > trying to minimize churn by batching

Re: [RFD] Common userspace tool for fscypto

2016-10-24 Thread Theodore Ts'o
On Mon, Oct 24, 2016 at 02:49:37PM +0200, Karel Zak wrote: > > That said, what about implementing such a tool as part of util-linux to > > control > > fscrypto? We (David and I) would volunteer. > > I have nothing against this plan (add to util-linux) if ext4, f2fs and > ubifs guys agree too. Ou

Re: [RFD] Common userspace tool for fscypto

2016-10-24 Thread Karel Zak
On Wed, Oct 19, 2016 at 01:35:54PM +0200, Richard Weinberger wrote: > Hi! > > Since file level encryption has more than one user, currently ext4, f2fs and > soon ubifs > it would be nice to have a single tool to control fscrypto from userspace. > > For ext4 we have already at least two tools, on

Re: [RFD] Common userspace tool for fscypto

2016-10-24 Thread Richard Weinberger
Michael, On 19.10.2016 19:36, Michael Halcrow wrote: > On Wed, Oct 19, 2016 at 4:35 AM, Richard Weinberger wrote: >> Hi! >> >> Since file level encryption has more than one user, currently ext4, f2fs and >> soon ubifs >> it would be nice to have a single tool to control fscrypto from userspace.

Re: [RFD] Common userspace tool for fscypto

2016-10-19 Thread Michael Halcrow
On Wed, Oct 19, 2016 at 4:35 AM, Richard Weinberger wrote: > Hi! > > Since file level encryption has more than one user, currently ext4, f2fs and > soon ubifs > it would be nice to have a single tool to control fscrypto from userspace. > > For ext4 we have already at least two tools, one as part

[RFD] Common userspace tool for fscypto

2016-10-19 Thread Richard Weinberger
Hi! Since file level encryption has more than one user, currently ext4, f2fs and soon ubifs it would be nice to have a single tool to control fscrypto from userspace. For ext4 we have already at least two tools, one as part of e2fsprogs and another one on github[0]. IMHO the latter one is much