| author | Eric Sandeen <sandeen@redhat.com> | 2008-02-06 04:38:34 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2008-02-06 13:41:12 -0500 |
| commit | 2830bfd6cf66133c86d4a32004fd99c3de7e23bf (patch) | |
| tree | 51f68453ad6b5a3a75667385369bbd9b5ba8a02c /fs/ecryptfs | |
| parent | 99db6e4a9764887842006a2b1aa804de6171db42 (diff) | |
ecryptfs: remove debug as mount option, and warn if set via modprobe
ecryptfs_debug really should not be a mount option; it is not per-mount,
but rather sets a global "ecryptfs_verbosity" variable which affects all
mounted filesystems. It's already settable as a module load option,
I think we can leave it at that.
Also, if set, since secret values come out in debug messages, kick
things off with a stern warning.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Acked-by: Mike Halcrow <mhalcrow@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ecryptfs')
| -rw-r--r-- | fs/ecryptfs/main.c | 23 | ||||
| -rw-r--r-- | fs/ecryptfs/super.c | 4 |
2 files changed, 7 insertions, 20 deletions
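--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -226,17 +226,15 @@ out:
 return rc;
 }
 
-enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig, ecryptfs_opt_debug,
-ecryptfs_opt_ecryptfs_debug, ecryptfs_opt_cipher,
-ecryptfs_opt_ecryptfs_cipher, ecryptfs_opt_ecryptfs_key_bytes,
+enum { ecryptfs_opt_sig, ecryptfs_opt_ecryptfs_sig,
+ecryptfs_opt_cipher, ecryptfs_opt_ecryptfs_cipher,
+ecryptfs_opt_ecryptfs_key_bytes,
 ecryptfs_opt_passthrough, ecryptfs_opt_xattr_metadata,
 ecryptfs_opt_encrypted_view, ecryptfs_opt_err };
 
 static match_table_t tokens = {
 {ecryptfs_opt_sig, "sig=%s"},
 {ecryptfs_opt_ecryptfs_sig, "ecryptfs_sig=%s"},
-{ecryptfs_opt_debug, "debug=%u"},
-{ecryptfs_opt_ecryptfs_debug, "ecryptfs_debug=%u"},
 {ecryptfs_opt_cipher, "cipher=%s"},
 {ecryptfs_opt_ecryptfs_cipher, "ecryptfs_cipher=%s"},
 {ecryptfs_opt_ecryptfs_key_bytes, "ecryptfs_key_bytes=%u"},
@@ -313,7 +311,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
 substring_t args[MAX_OPT_ARGS];
 int token;
 char *sig_src;
-char *debug_src;
 char *cipher_name_dst;
 char *cipher_name_src;
 char *cipher_key_bytes_src;
@@ -341,16 +338,6 @@ static int ecryptfs_parse_options(struct super_block *sb, char *options)
 }
 sig_set = 1;
 break;
-case ecryptfs_opt_debug:
-case ecryptfs_opt_ecryptfs_debug:
-debug_src = args[0].from;
-ecryptfs_verbosity =
-(int)simple_strtol(debug_src, &debug_src,
-0);
-ecryptfs_printk(KERN_DEBUG,
-"Verbosity set to [%d]" "\n",
-ecryptfs_verbosity);
-break;
 case ecryptfs_opt_cipher:
 case ecryptfs_opt_ecryptfs_cipher:
 cipher_name_src = args[0].from;
@@ -816,6 +803,10 @@ static int __init ecryptfs_init(void)
 "rc = [%d]\n", rc);
 goto out_release_messaging;
 }
+if (ecryptfs_verbosity > 0)
+printk(KERN_CRIT "eCryptfs verbosity set to %d. Secret values "
+"will be written to the syslog!\n", ecryptfs_verbosity);
+
 goto out;
 out_release_messaging:
 ecryptfs_release_messaging(ecryptfs_transport);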
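Review bot: In the ecryptfs_init hunk the verbosity warning is printed only after every init step has succeeded, just before `goto out;`, so any debug output that earlier steps emit at verbosity > 0 would reach the syslog before the warning does. Moving the `if (ecryptfs_verbosity > 0)` check to the top of ecryptfs_init would make the warning the first eCryptfs line in the log; the start of the function is outside the hunk, so whether the earlier steps log anything sensitive cannot be confirmed from here. Separately, mounts that still pass `debug=` or `ecryptfs_debug=` now reach whatever ecryptfs_parse_options does for unmatched tokens (not shown in the hunks), and it is worth confirming that this is a logged warning rather than a failed mount.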
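--- a/fs/ecryptfs/super.c
+++ b/fs/ecryptfs/super.c
@@ -174,10 +174,6 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt)
 }
 mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex);
 
-/* Note this is global and probably shouldn't be a mount option */
-if (ecryptfs_verbosity)
-seq_printf(m, ",ecryptfs_debug=%d\n", ecryptfs_verbosity);
-
 seq_printf(m, ",ecryptfs_cipher=%s",
 mount_crypt_stat->global_default_cipher_name);
 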
