On Tue, Oct 21, 2008 at 10:42:16AM +0200, Roberto Sassu wrote:
> I have a question. An application wants to access an eCryptfs
> protected file; then eCryptfs retrieves the metadata bound to the
> file and decrypts the FEK using a matched key in the user keyring;
> finally eCryptfs sets up a cryptographic context and the inode for the
> requested file becomes active. The file can be read from all
> applications that have permission using the same cryptographic
> context, if I'm not wrong. Is there a way to block the decryption at
> this point using, for example, a per-application policy?

This sort of access control is exactly what SE Linux is designed to provide.

http://ecryptfs.sourceforge.net/ecryptfs-faq.html#no-ecryptfsac
_______________________________________________
eCryptfs-users mailing list
eCryptfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users