Re: [PATCH v3] fscrypt: add support for the encrypted key type

2018-01-29 Thread Eric Biggers
On Thu, Jan 25, 2018 at 04:37:48PM -0800, Eric Biggers wrote: > On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote: > > -static int validate_user_key(struct fscrypt_info *crypt_info, > > +static inline struct key *fscrypt_get_encrypted_key(const char > > *description) > > +{ > > + if

Re: [PATCH v3] fscrypt: add support for the encrypted key type

2018-01-29 Thread Eric Biggers
On Thu, Jan 25, 2018 at 04:37:48PM -0800, Eric Biggers wrote: > On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote: > > -static int validate_user_key(struct fscrypt_info *crypt_info, > > +static inline struct key *fscrypt_get_encrypted_key(const char > > *description) > > +{ > > + if

Re: [PATCH v3] fscrypt: add support for the encrypted key type

2018-01-25 Thread Eric Biggers
On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote: > -static int validate_user_key(struct fscrypt_info *crypt_info, > +static inline struct key *fscrypt_get_encrypted_key(const char *description) > +{ > + if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS)) > + return

Re: [PATCH v3] fscrypt: add support for the encrypted key type

2018-01-25 Thread Eric Biggers
On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote: > -static int validate_user_key(struct fscrypt_info *crypt_info, > +static inline struct key *fscrypt_get_encrypted_key(const char *description) > +{ > + if (IS_ENABLED(CONFIG_ENCRYPTED_KEYS)) > + return

Re: [PATCH v3] fscrypt: add support for the encrypted key type

2018-01-25 Thread Eric Biggers
On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote: > fscrypt uses a master key for each directory policy from > which all further keys for that policy are derived, and > at the moment such a master key has to be inserted into > a kernel keyring as a 'logon' key by user-space. > >

Re: [PATCH v3] fscrypt: add support for the encrypted key type

2018-01-25 Thread Eric Biggers
On Thu, Jan 18, 2018 at 01:13:59PM +, André Draszik wrote: > fscrypt uses a master key for each directory policy from > which all further keys for that policy are derived, and > at the moment such a master key has to be inserted into > a kernel keyring as a 'logon' key by user-space. > >

[PATCH v3] fscrypt: add support for the encrypted key type

2018-01-18 Thread André Draszik
fscrypt uses a master key for each directory policy from which all further keys for that policy are derived, and at the moment such a master key has to be inserted into a kernel keyring as a 'logon' key by user-space. While 'logon' keys have the nice property of not being readable by user-space

[PATCH v3] fscrypt: add support for the encrypted key type

2018-01-18 Thread André Draszik
fscrypt uses a master key for each directory policy from which all further keys for that policy are derived, and at the moment such a master key has to be inserted into a kernel keyring as a 'logon' key by user-space. While 'logon' keys have the nice property of not being readable by user-space