diff options
| author | Michael Halcrow <mhalcrow@us.ibm.com> | 2007-02-12 03:53:47 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-02-12 12:48:36 -0500 |
| commit | e77a56ddceeec87575a13a60fc1a394af6a1f4bc (patch) | |
| tree | 8be21cc4afbc0596716bc9d4d8dd145dd8c74252 /fs/ecryptfs/file.c | |
| parent | dd2a3b7ad98f8482cae481cad89dfed5eee48365 (diff) | |
[PATCH] eCryptfs: Encrypted passthrough
Provide an option to provide a view of the encrypted files such that the
metadata is always in the header of the files, regardless of whether the
metadata is actually in the header or in the extended attribute. This mode of
operation is useful for applications like incremental backup utilities that do
not preserve the extended attributes when directly accessing the lower files.
With this option enabled, the files under the eCryptfs mount point will be
read-only.
Signed-off-by: Michael Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs/file.c')
| -rw-r--r-- | fs/ecryptfs/file.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index f22c3a73485c..652ed772a9be 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
| @@ -250,6 +250,17 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
| 250 | struct ecryptfs_file_info *file_info; | 250 | struct ecryptfs_file_info *file_info; |
| 251 | int lower_flags; | 251 | int lower_flags; |
| 252 | 252 | ||
| 253 | mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
| 254 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
| 255 | if ((mount_crypt_stat->flags & ECRYPTFS_ENCRYPTED_VIEW_ENABLED) | ||
| 256 | && ((file->f_flags & O_WRONLY) || (file->f_flags & O_RDWR) | ||
| 257 | || (file->f_flags & O_CREAT) || (file->f_flags & O_TRUNC) | ||
| 258 | || (file->f_flags & O_APPEND))) { | ||
| 259 | printk(KERN_WARNING "Mount has encrypted view enabled; " | ||
| 260 | "files may only be read\n"); | ||
| 261 | rc = -EPERM; | ||
| 262 | goto out; | ||
| 263 | } | ||
| 253 | /* Released in ecryptfs_release or end of function if failure */ | 264 | /* Released in ecryptfs_release or end of function if failure */ |
| 254 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); | 265 | file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL); |
| 255 | ecryptfs_set_file_private(file, file_info); | 266 | ecryptfs_set_file_private(file, file_info); |
| @@ -261,8 +272,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file) | |||
| 261 | } | 272 | } |
| 262 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); | 273 | lower_dentry = ecryptfs_dentry_to_lower(ecryptfs_dentry); |
| 263 | crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; | 274 | crypt_stat = &ecryptfs_inode_to_private(inode)->crypt_stat; |
| 264 | mount_crypt_stat = &ecryptfs_superblock_to_private( | ||
| 265 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | ||
| 266 | mutex_lock(&crypt_stat->cs_mutex); | 275 | mutex_lock(&crypt_stat->cs_mutex); |
| 267 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) { | 276 | if (!ECRYPTFS_CHECK_FLAG(crypt_stat->flags, ECRYPTFS_POLICY_APPLIED)) { |
| 268 | ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n"); | 277 | ecryptfs_printk(KERN_DEBUG, "Setting flags for stat...\n"); |