diff options
| author | Kees Cook <keescook@chromium.org> | 2013-02-28 03:39:37 -0500 |
|---|---|---|
| committer | Tyler Hicks <tyhicks@canonical.com> | 2013-03-04 02:59:59 -0500 |
| commit | 290502bee239062499297916bb7d21d205e99d62 (patch) | |
| tree | a9ec1729138c7f71c1c4e3e09ce12cf40db767e3 /include/linux/ecryptfs.h | |
| parent | 1111eae90fb64a9d9ed133e410712f1e34fdce4a (diff) | |
eCryptfs: allow userspace messaging to be disabled
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Diffstat (limited to 'include/linux/ecryptfs.h')
| -rw-r--r-- | include/linux/ecryptfs.h | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/include/linux/ecryptfs.h b/include/linux/ecryptfs.h index 2224a8c0cb64..8d5ab998a222 100644 --- a/include/linux/ecryptfs.h +++ b/include/linux/ecryptfs.h | |||
| @@ -6,9 +6,8 @@ | |||
| 6 | #define ECRYPTFS_VERSION_MINOR 0x04 | 6 | #define ECRYPTFS_VERSION_MINOR 0x04 |
| 7 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 | 7 | #define ECRYPTFS_SUPPORTED_FILE_VERSION 0x03 |
| 8 | /* These flags indicate which features are supported by the kernel | 8 | /* These flags indicate which features are supported by the kernel |
| 9 | * module; userspace tools such as the mount helper read | 9 | * module; userspace tools such as the mount helper read the feature |
| 10 | * ECRYPTFS_VERSIONING_MASK from a sysfs handle in order to determine | 10 | * bits from a sysfs handle in order to determine how to behave. */ |
| 11 | * how to behave. */ | ||
| 12 | #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001 | 11 | #define ECRYPTFS_VERSIONING_PASSPHRASE 0x00000001 |
| 13 | #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002 | 12 | #define ECRYPTFS_VERSIONING_PUBKEY 0x00000002 |
| 14 | #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 | 13 | #define ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH 0x00000004 |
| @@ -19,13 +18,6 @@ | |||
| 19 | #define ECRYPTFS_VERSIONING_HMAC 0x00000080 | 18 | #define ECRYPTFS_VERSIONING_HMAC 0x00000080 |
| 20 | #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 | 19 | #define ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION 0x00000100 |
| 21 | #define ECRYPTFS_VERSIONING_GCM 0x00000200 | 20 | #define ECRYPTFS_VERSIONING_GCM 0x00000200 |
| 22 | #define ECRYPTFS_VERSIONING_MASK (ECRYPTFS_VERSIONING_PASSPHRASE \ | ||
| 23 | | ECRYPTFS_VERSIONING_PLAINTEXT_PASSTHROUGH \ | ||
| 24 | | ECRYPTFS_VERSIONING_PUBKEY \ | ||
| 25 | | ECRYPTFS_VERSIONING_XATTR \ | ||
| 26 | | ECRYPTFS_VERSIONING_MULTKEY \ | ||
| 27 | | ECRYPTFS_VERSIONING_DEVMISC \ | ||
| 28 | | ECRYPTFS_VERSIONING_FILENAME_ENCRYPTION) | ||
| 29 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 | 21 | #define ECRYPTFS_MAX_PASSWORD_LENGTH 64 |
| 30 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH | 22 | #define ECRYPTFS_MAX_PASSPHRASE_BYTES ECRYPTFS_MAX_PASSWORD_LENGTH |
| 31 | #define ECRYPTFS_SALT_SIZE 8 | 23 | #define ECRYPTFS_SALT_SIZE 8 |