Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp2971893imc; Wed, 13 Mar 2019 05:59:05 -0700 (PDT) X-Google-Smtp-Source: APXvYqy1pm7bxg2rQ1C9ANPf1KpSvmCBNaQodWNQvj2aN6oX5E6JJC2dXfYRZj+FfZxaf49zKjLW X-Received: by 2002:a63:94:: with SMTP id 142mr40036063pga.277.1552481945325; Wed, 13 Mar 2019 05:59:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552481945; cv=none; d=google.com; s=arc-20160816; b=LdVNVRXBcgZiQ6A69CQCk8W9Q+ooku8XNumtwj7zMH8gb5cUGgMj1dSgfxg3RhgTua SeqeRdEuPhPl4wqmBnLV+7iYx6Q4auBCWAUSGzOTdrkpyXzpGzSpK7AGn7kAO9K5bwwG FOqqkIuR5SeXL5JsSV05vc3wVxj8UulYy4QdslfX/6A4XlavK68kiEawW3cRpVhSOhnV uociBmB1YVNV+Mr/vnasfUSNyN4tfzhi7FEuW+Yb+s9IBM5MUoDVd2fv1fmC9s3NUovB X6K/3+Pan0hq8iB5Advue4mrxZuIdh+O5Z7cqTjiMUnqCXocBk1E/U262QC5eHAYdtlh bADQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=9/uuxg0Ww1LkBA+4wwTa5RHHcmft7KfFu7X3tJYUIKU=; b=Tdgm9yP3DZ//htiWU+OeIj2pmDPXeIQfGXKifF6DuyrSZLU7mfAEtmao3C7+LAbR2w uJ9moWmuSmTI+szVPn/O+3Sjga+JnXJgRPSXQmw7+CoT1G+Dg50Ra4hHVgaGmbo4128i +1X+odXojj8u9c/8rGSNlpanxQIumtGcf+dykpsqLRvpm5ITMkj1kxEUvvwo7Eb+VOve UedsZIPW9/6FyGoUlODCGpi3Kd2y/i9xy/D4Ee2LAjGG67Cp3fhMSfjZCSebTVIbfsPT tUMyj1sD66fLuMHmc6LL6jjXEUVD/5jEo6PxUA0yYE2D+Vm9PRMnP4/8bzu9638+NirW TeQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=TylU3TSX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e12si9767256pgd.381.2019.03.13.05.58.48; Wed, 13 Mar 2019 05:59:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=TylU3TSX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726396AbfCMM6Y (ORCPT + 99 others); Wed, 13 Mar 2019 08:58:24 -0400 Received: from mail-io1-f50.google.com ([209.85.166.50]:43976 "EHLO mail-io1-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725893AbfCMM6Y (ORCPT ); Wed, 13 Mar 2019 08:58:24 -0400 Received: by mail-io1-f50.google.com with SMTP id y6so1529213ioq.10 for ; Wed, 13 Mar 2019 05:58:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9/uuxg0Ww1LkBA+4wwTa5RHHcmft7KfFu7X3tJYUIKU=; b=TylU3TSXQDIvwd/x4usABhfKhm65K0XzvSdU//mY6Q2jO2IMJckTUGwX29pCXuuiQT 9wdrFIXhIdQqmL4+M4lymsECCtWrnJQHnBlgACQ/SGgN/GEM2bNYN7LWxAR2FPa9LJmS eE5+pDaKJS0wZZxOeRKEJo/+3fEC2VBZQr9EQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9/uuxg0Ww1LkBA+4wwTa5RHHcmft7KfFu7X3tJYUIKU=; b=kcs1JEmppzH/1D7bSMvbOfOxCxFK54i+qzgoYIyhEgitzfQd9DoNx461teZPryEyOn UZlXlSl4QgeONQzy7RXO1sMYSNIbgrO13qgg3kvSkWIu/gyqhQhdNYL3TuJSPWzWrc8D SiNGf6z2rFVYpYJi7Dxvwlqz6TNJYyIdgKLZVndtbIWmCiS7ZjgIU+YXRdsX6XAegLIe XN7dXDKSZxATnpzkxpS5+zS3e4fL/VkI+FwAApnHtGMUNE318yVC7zQ7OHaOzd75EKdt KFMBQmVbFe7o3eiKdWbpdPie3Sx24jrwDEo70M9EBXegYoSI2Dou+4CSao2Vxhy8nVc4 MgQg== X-Gm-Message-State: APjAAAVXuFKoAeG1trJCrSaTBMB41H2agCCEAKxl5qvDRoI3GusyvFPX WnRW2PTiOKtiAj22V+ooPo6QsSQ0cUvfPKhIxpC1Dg== X-Received: by 2002:a5e:d803:: with SMTP id l3mr19229267iok.144.1552481902632; Wed, 13 Mar 2019 05:58:22 -0700 (PDT) MIME-Version: 1.0 References: <4603533.ZIfxmiEf7K@blindfold> <1852545.qrIQg0rEWx@blindfold> In-Reply-To: <1852545.qrIQg0rEWx@blindfold> From: Miklos Szeredi Date: Wed, 13 Mar 2019 13:58:11 +0100 Message-ID: Subject: Re: overlayfs vs. fscrypt To: Richard Weinberger Cc: linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, overlayfs , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 13, 2019 at 1:47 PM Richard Weinberger wrote: > > Am Mittwoch, 13. M=C3=A4rz 2019, 13:36:02 CET schrieb Miklos Szeredi: > > I don't get it. Does fscrypt try to check permissions via > > ->d_revalidate? Why is it not doing that via ->permission()? > > Please let me explain. Suppose we have a fscrypto directory /mnt and > I *don't* have the key. > > When reading the directory contents of /mnt will return an encrypted file= name. > e.g. > # ls /mnt > +mcQ46ne5Y8U6JMV9Wdq2C Why does showing the encrypted contents make any sense? It could just return -EPERM on all operations? Thanks, Miklos