eCryptfs: allow userspace messaging to be disabled

When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
author: Kees Cook <keescook@chromium.org> 2013-02-28 03:39:37 -0500
committer: Tyler Hicks <tyhicks@canonical.com> 2013-03-04 02:59:59 -0500
commit: 290502bee239062499297916bb7d21d205e99d62 (patch)
tree: a9ec1729138c7f71c1c4e3e09ce12cf40db767e3 /fs/ecryptfs/keystore.c
parent: 1111eae90fb64a9d9ed133e410712f1e34fdce4a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c
index 5aceff202dc0..7d52806c2119 100644
--- a/fs/ecryptfs/keystore.c
+++ b/fs/ecryptfs/keystore.c
@@ -1168,7 +1168,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
        rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
        if (rc) {
                ecryptfs_printk(KERN_ERR, "Error sending message to "
-                                "ecryptfsd\n");
+                                "ecryptfsd: %d\n", rc);
                goto out;
        }
        rc = ecryptfs_wait_for_response(msg_ctx, &msg);
@@ -1988,7 +1988,7 @@ pki_encrypt_session_key(struct key *auth_tok_key,
        rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
        if (rc) {
                ecryptfs_printk(KERN_ERR, "Error sending message to "
-                                "ecryptfsd\n");
+                                "ecryptfsd: %d\n", rc);
                goto out;
        }
        rc = ecryptfs_wait_for_response(msg_ctx, &msg);
author	Kees Cook <keescook@chromium.org>	2013-02-28 03:39:37 -0500
committer	Tyler Hicks <tyhicks@canonical.com>	2013-03-04 02:59:59 -0500
commit	290502bee239062499297916bb7d21d205e99d62 (patch)
tree	a9ec1729138c7f71c1c4e3e09ce12cf40db767e3 /fs/ecryptfs/keystore.c
parent	1111eae90fb64a9d9ed133e410712f1e34fdce4a (diff)

diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index 5aceff202dc0..7d52806c2119 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c
@@ -1168,7 +1168,7 @@ decrypt_pki_encrypted_session_key(struct ecryptfs_auth_tok *auth_tok,
1168	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);	1168	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1169	if (rc) {	1169	if (rc) {
1170	ecryptfs_printk(KERN_ERR, "Error sending message to "	1170	ecryptfs_printk(KERN_ERR, "Error sending message to "
1171	"ecryptfsd\n");	1171	"ecryptfsd: %d\n", rc);
1172	goto out;	1172	goto out;
1173	}	1173	}
1174	rc = ecryptfs_wait_for_response(msg_ctx, &msg);	1174	rc = ecryptfs_wait_for_response(msg_ctx, &msg);
@@ -1988,7 +1988,7 @@ pki_encrypt_session_key(struct key *auth_tok_key,
1988	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);	1988	rc = ecryptfs_send_message(payload, payload_len, &msg_ctx);
1989	if (rc) {	1989	if (rc) {
1990	ecryptfs_printk(KERN_ERR, "Error sending message to "	1990	ecryptfs_printk(KERN_ERR, "Error sending message to "
1991	"ecryptfsd\n");	1991	"ecryptfsd: %d\n", rc);
1992	goto out;	1992	goto out;
1993	}	1993	}
1994	rc = ecryptfs_wait_for_response(msg_ctx, &msg);	1994	rc = ecryptfs_wait_for_response(msg_ctx, &msg);