| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Add SPDX license identifiers to all Make/Kconfig files which:
- Have no license information of any form
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:
GPL-2.0-only
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Tyler Hicks <[email protected]>
|
|
The netlink transport code has not worked for a while and the miscdev
transport is a simpler solution. This patch removes the netlink code and
makes the miscdev transport the only eCryptfs kernel to userspace
transport.
Signed-off-by: Tyler Hicks <[email protected]>
Cc: Michael Halcrow <[email protected]>
Cc: Dustin Kirkland <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
eCryptfs would really like to have read-write access to all files in the
lower filesystem. Right now, the persistent lower file may be opened
read-only if the attempt to open it read-write fails. One way to keep
from having to do that is to have a privileged kthread that can open the
lower persistent file on behalf of the user opening the eCryptfs file;
this patch implements this functionality.
This patch will properly allow a less-privileged user to open the eCryptfs
file, followed by a more-privileged user opening the eCryptfs file, with
the first user only being able to read and the second user being able to
both read and write. eCryptfs currently does this wrong; it will wind up
calling vfs_write() on a file that was opened read-only. This is fixed in
this patch.
Signed-off-by: Michael Halcrow <[email protected]>
Cc: Dave Kleikamp <[email protected]>
Cc: Serge Hallyn <[email protected]>
Cc: Eric Sandeen <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Update the versioning information. Make the message types generic. Add an
outgoing message queue to the daemon struct. Make the functions to parse
and write the packet lengths available to the rest of the module. Add
functions to create and destroy the daemon structs. Clean up some of the
comments and make the code a little more consistent with itself.
[[email protected]: printk fixes]
Signed-off-by: Michael Halcrow <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Add a set of functions through which all I/O to lower files is consolidated.
This patch adds a new inode_info reference to a persistent lower file for each
eCryptfs inode; another patch later in this series will set that up. This
persistent lower file is what the read_write.c functions use to call
vfs_read() and vfs_write() on the lower filesystem, so even when reads and
writes come in through aops->readpage and aops->writepage, we can satisfy them
without resorting to direct access to the lower inode's address space.
Several function declarations are going to be changing with this patchset.
For now, in order to keep from breaking the build, I am putting dummy
parameters in for those functions.
Signed-off-by: Michael Halcrow <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Public key support code. This reads and writes packets in the header that
contain public key encrypted file keys. It calls the messaging code in the
previous patch to send and receive encryption and decryption request
packets from the userspace daemon.
[[email protected]: cleab fix]
Signed-off-by: Michael Halcrow <[email protected]>
Cc: David Howells <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
eCryptfs is a stacked cryptographic filesystem for Linux. It is derived from
Erez Zadok's Cryptfs, implemented through the FiST framework for generating
stacked filesystems. eCryptfs extends Cryptfs to provide advanced key
management and policy features. eCryptfs stores cryptographic metadata in the
header of each file written, so that encrypted files can be copied between
hosts; the file will be decryptable with the proper key, and there is no need
to keep track of any additional information aside from what is already in the
encrypted file itself.
[[email protected]: updates for ongoing API changes]
[[email protected]: cleanups]
[[email protected]: alpha build fix]
[[email protected]: cleanups]
[[email protected]: inode-diet updates]
[[email protected]: generic_file_*_read/write() interface updates]
[[email protected]: printk format fixes]
[[email protected]: make slab creation and teardown table-driven]
Signed-off-by: Phillip Hellewell <[email protected]>
Signed-off-by: Michael Halcrow <[email protected]>
Signed-off-by: Erez Zadok <[email protected]>
Signed-off-by: Adrian Bunk <[email protected]>
Signed-off-by: Stephan Mueller <[email protected]>
Signed-off-by: "Theodore Ts'o" <[email protected]>
Signed-off-by: Badari Pulavarty <[email protected]>
Signed-off-by: Randy Dunlap <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|