On Fri, 16 Sep 2016 11:12:13 +1000 Dave Chinner <da...@fromorbit.com> wrote:
> > As of now these patch set supports encryption on per subvolume, as > > managing properties on per subvolume is a kind of core to btrfs, which is > > easier for data center solution-ing, seamlessly persistent and easy to > > manage. > > We've got dmcrypt for this sort of transparent "device level" > encryption. Do we really need another btrfs layer that re-implements > generic, robust, widely deployed, stable functionality? "Btrfs subvolume-level" is far from "device-level", subvolumes are so lightweight and dynamic that they are akin to regular directories for most intents and purposes, not devices or partitions. And yes I'd say (effectively) a directory-level encryption in an FS can be useful; for example encrypting /home, but not the rest of the filesystem, or any other scenarios where only some of the stored data needs to be encrypted, and it's not known in advance what proportion, so it's not convenient to have any static partition or LVM based bounds. Currently this can be achieved with tools like encfs or ecryptfs -- so it's those you'd want to measure Btrfs encryption against, not dmcrypt. -- With respect, Roman
pgpDncVUCrA04.pgp
Description: OpenPGP digital signature
