author | Eric Sandeen <sandeen@redhat.com> | 2008-02-06 04:38:34 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-06 13:41:12 -0500 |
commit | 2830bfd6cf66133c86d4a32004fd99c3de7e23bf (patch) | |
tree | 51f68453ad6b5a3a75667385369bbd9b5ba8a02c /fs | |
parent | 99db6e4a9764887842006a2b1aa804de6171db42 (diff) |
ecryptfs: remove debug as mount option, and warn if set via modprobe
ecryptfs_debug really should not be a mount option; it is not per-mount,
but rather sets a global "ecryptfs_verbosity" variable which affects all
mounted filesystems. It's already settable as a module load option,
I think we can leave it at that.
Also, if set, since secret values come out in debug messages, kick
things off with a stern warning.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Mike Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ecryptfs/main.c | 23 | ||||
-rw-r--r-- | fs/ecryptfs/super.c | 4 |
2 files changed, 7 insertions, 20 deletions
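--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -226,17 +226,15 @@ out:
 return rc;
 }
 
-enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug,
-ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher,
-ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes,
+enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
+ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher,
+ecryptfs_opt_ecryptfs_key_bytes,
 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
 ecryptfs_opt_encrypted_view, ecryptfs_opt_err };
 
 static match_table_t tokens = {
 {ecryptfs_opt_sig, "sig=%s"},
 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
-{ecryptfs_opt_debug, "debug=%u"},
-{ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
 {ecryptfs_opt_cipher, "cipher=%s"},
 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
@@ -313,7 +311,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
 substring_t args[MAX_OPT_ARGS];
 int token;
 char *sig_src;
-char *debug_src;
 char *cipher_name_dst;
 char *cipher_name_src;
 char *cipher_key_bytes_src;
@@ -341,16 +338,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
 }
 sig_set = 1;
 break;
-case ecryptfs_opt_debug:
-case ecryptfs_opt_ecryptfs_debug:
-debug_src = args[0].from;
-ecryptfs_verbosity =
-(int)simple_strtol(debug_src, &debug_src,
-0);
-ecryptfs_printk(KERN_DEBUG,
-"Verbosity set to [%d]" "\n",
-ecryptfs_verbosity);
-break;
 case ecryptfs_opt_cipher:
 case ecryptfs_opt_ecryptfs_cipher:
 cipher_name_src = args[0].from;
@@ -816,6 +803,10 @@ static int __init ecryptfs_init(void)
 "rc = [%d]\n", rc);
 goto out_release_messaging;
 }
+if (ecryptfs_verbosity > 0)
+printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values "
+"will be written to the syslog!\n", ecryptfs_verbosity);
+
 goto out;
 out_release_messaging:
 ecryptfs_release_messaging(ecryptfs_transport);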
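Review bot: The added `if (ecryptfs_verbosity > 0)` check in ecryptfs_init() runs once at module load, so it only covers the value given at load time. If the module parameter is declared writable through sysfs (its declaration is outside this hunk), verbosity could be raised later without this warning ever reaching the log, so it is worth confirming the parameter's permissions keep it load-time only. The show_options code removed by this commit tested `if (ecryptfs_verbosity)`, so also confirm that a negative value cannot enable debug output while slipping past the `> 0` test. A short comment above the check would record the intent, for example `/* Debug output includes secret values; warn once at load. */`. ecryptfs_init() begins and ends outside the hunk.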
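--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -174,10 +174,6 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
 }
 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
 
-/* Note this is global and probably shouldn't be a mount option */
-if (ecryptfs_verbosity)
-seq_printf(m, ",ecryptfs_debug=%d\n", ecryptfs_verbosity);
-
 seq_printf(m, ",ecryptfs_cipher=%s",
 mount_crypt_stat->global_default_cipher_name);
 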