aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorEric Sandeen <sandeen@redhat.com>2008-02-06 04:38:34 -0500
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2008-02-06 13:41:12 -0500
commit2830bfd6cf66133c86d4a32004fd99c3de7e23bf (patch)
tree51f68453ad6b5a3a75667385369bbd9b5ba8a02c /fs
parent99db6e4a9764887842006a2b1aa804de6171db42 (diff)
ecryptfs: remove debug as mount option, and warn if set via modprobe
ecryptfs_debug really should not be a mount option; it is not per-mount, but rather sets a global "ecryptfs_verbosity" variable which affects all mounted filesysytems. It's already settable as a module load option, I think we can leave it at that. Also, if set, since secret values come out in debug messages, kick things off with a stern warning. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Acked-by: Mike Halcrow <mhalcrow@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/ecryptfs/main.c23
-rw-r--r--fs/ecryptfs/super.c4
2 files changed, 7 insertions, 20 deletions
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index b67ce83da9f..dc620fc1659 100644
--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -226,17 +226,15 @@ out:
226 return rc; 226 return rc;
227} 227}
228 228
229enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug, 229enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
230 ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher, 230 ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher,
231 ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes, 231 ecryptfs_opt_ecryptfs_key_bytes,
232 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata, 232 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
233 ecryptfs_opt_encrypted_view, ecryptfs_opt_err }; 233 ecryptfs_opt_encrypted_view, ecryptfs_opt_err };
234 234
235static match_table_t tokens = { 235static match_table_t tokens = {
236 {ecryptfs_opt_sig, "sig=%s"}, 236 {ecryptfs_opt_sig, "sig=%s"},
237 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"}, 237 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
238 {ecryptfs_opt_debug, "debug=%u"},
239 {ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
240 {ecryptfs_opt_cipher, "cipher=%s"}, 238 {ecryptfs_opt_cipher, "cipher=%s"},
241 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"}, 239 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
242 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"}, 240 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
@@ -313,7 +311,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
313 substring_t args[MAX_OPT_ARGS]; 311 substring_t args[MAX_OPT_ARGS];
314 int token; 312 int token;
315 char *sig_src; 313 char *sig_src;
316 char *debug_src;
317 char *cipher_name_dst; 314 char *cipher_name_dst;
318 char *cipher_name_src; 315 char *cipher_name_src;
319 char *cipher_key_bytes_src; 316 char *cipher_key_bytes_src;
@@ -341,16 +338,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
341 } 338 }
342 sig_set = 1; 339 sig_set = 1;
343 break; 340 break;
344 case ecryptfs_opt_debug:
345 case ecryptfs_opt_ecryptfs_debug:
346 debug_src = args[0].from;
347 ecryptfs_verbosity =
348 (int)simple_strtol(debug_src, &debug_src,
349 0);
350 ecryptfs_printk(KERN_DEBUG,
351 "Verbosity set to [%d]" "\n",
352 ecryptfs_verbosity);
353 break;
354 case ecryptfs_opt_cipher: 341 case ecryptfs_opt_cipher:
355 case ecryptfs_opt_ecryptfs_cipher: 342 case ecryptfs_opt_ecryptfs_cipher:
356 cipher_name_src = args[0].from; 343 cipher_name_src = args[0].from;
@@ -816,6 +803,10 @@ static int __init ecryptfs_init(void)
816 "rc = [%d]\n", rc); 803 "rc = [%d]\n", rc);
817 goto out_release_messaging; 804 goto out_release_messaging;
818 } 805 }
806 if (ecryptfs_verbosity > 0)
807 printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values "
808 "will be written to the syslog!\n", ecryptfs_verbosity);
809
819 goto out; 810 goto out;
820out_release_messaging: 811out_release_messaging:
821 ecryptfs_release_messaging(ecryptfs_transport); 812 ecryptfs_release_messaging(ecryptfs_transport);
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c
index 0556604e8dc..c27ac2b358a 100644
--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -174,10 +174,6 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
174 } 174 }
175 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); 175 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
176 176
177 /* Note this is global and probably shouldn't be a mount option */
178 if (ecryptfs_verbosity)
179 seq_printf(m, ",ecryptfs_debug=%d\n", ecryptfs_verbosity);
180
181 seq_printf(m, ",ecryptfs_cipher=%s", 177 seq_printf(m, ",ecryptfs_cipher=%s",
182 mount_crypt_stat->global_default_cipher_name); 178 mount_crypt_stat->global_default_cipher_name);
183 179