Received: by 2002:ac0:950c:0:0:0:0:0 with SMTP id f12csp2994262imc; Wed, 13 Mar 2019 06:26:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqx51wD3nAgQXtN2ay+VikCe6Thb4n3EmCXzSuu7nudY6NlpR5n3Q0qOyVomRoEPDOQtX+3Z X-Received: by 2002:aa7:818e:: with SMTP id g14mr1768304pfi.245.1552483592984; Wed, 13 Mar 2019 06:26:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552483592; cv=none; d=google.com; s=arc-20160816; b=WU1Ynu8YJF+bGq8QHpKXGPoI5PqWTh99LCi71kCjvNC8UALcNtbfqPW1xhMO6Grrmo qa+PYBM7tiLu0kfWf9QFSfrQG+I4+XdQqrMo7nAzm4+K3iFQOyH1CnVC+9FQGh3PoUh0 6NNkcI9E3wMUVgdl1OLy4YJ0WRxFzZ2JxT2SK13f62AgRBJkYCYkzXdfsp41HFtpbJxG WdjmGXjmCgBZxTjQ30rVYAuP97w+lMoNzSZVk09IdKlyQeB4pUpRL5n4nljms+IB94pQ yrc7KBDruZm+Kf0aXhT9S9FtuJQIZjO8CqODE6qZsDcI20jnOFOEAf94m1OtxG0K9Yk0 Si4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=rPxTEzqdND7tXogwvkstTPqUI10vrZG5bl4hmfU6CkY=; b=V8eBYWY2A3DApbgtUaXjtwocQ872W3FXysN360VPuqKCAzDQFGMQImIckDKdG6AYcB lY4biq0xlNbnMReLk+WqB0DfK7aZ3HteNW5j0QwhlNTPOTyVUgXdeoXu19LO1DJyYxfy 7XDPCIOQBfuXt+UIidlgoZMouBXltjyz1u0Wqd+dDxbk3t9OSmGadRlQq4D+gi7BzQ7m D+AcdnELcxl2hCOjAvRL1f1sAJL98g7hBcIt26eCipSlKRXq3QCkhFRPeYyf9vb4h1qa BGsXt3DKhmWBZV+yEZBoaRPONFMRVRshqhgni9Uz8/uTuc7+WYuWGQSw2UGGPDpUkRM9 9PPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=L+CH6hrc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a19si9692718pgw.244.2019.03.13.06.26.17; Wed, 13 Mar 2019 06:26:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=L+CH6hrc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726776AbfCMNZA (ORCPT + 99 others); Wed, 13 Mar 2019 09:25:00 -0400 Received: from mail-it1-f176.google.com ([209.85.166.176]:38600 "EHLO mail-it1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725856AbfCMNY7 (ORCPT ); Wed, 13 Mar 2019 09:24:59 -0400 Received: by mail-it1-f176.google.com with SMTP id k193so2803004ita.3 for ; Wed, 13 Mar 2019 06:24:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=rPxTEzqdND7tXogwvkstTPqUI10vrZG5bl4hmfU6CkY=; b=L+CH6hrckGEQGLcyAvii5uRlLTEe9k0/OP3bS8dR9zjT4UikO7q9Z8wJMJSJjP3uAC UPdMGsw2QiILJ7LW7nm71lioO2v3HPA8KCnm6jh/gQK9Z8DeM5ufi0yxsKveIO9k9Sh7 +TsdxVCLHu6Mg8P40DFMTyZlJcTY/Wl7LKzVo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=rPxTEzqdND7tXogwvkstTPqUI10vrZG5bl4hmfU6CkY=; b=c+/4o39JjBUkY/B/APcwQtOPIszMiv96mxqynSw9SNv319IEFvUvyl+ji1YJMBNRDX wxS1X12iRvBLSK/jiXKXcgA0e1FcyC6Di54P1KKBm5YXH0x1NQ2y6kWLMWjV9IDKiQae syqeGRBYEfxgpxwtWy+W9EhFF16BBUNQIC1gS2Of9+AL9NtGOi/zGa3dYFxyxlPhF6SO Rs9qfPJC+ul6ADjlMKNmopS1aCWGOac5Zmy3YJCkKdWSCfVpeI/pm2wL2mLUnL5zHxPB 4GB4GEAluXgLuS6Irii2bujVGNf112h1ZZrkVcfNrNeGfqhEJcqcNaD1nyje8kxT6TXo kP5Q== X-Gm-Message-State: APjAAAWN08GYh6tGMHw9luQ0xHECsPErtdcIY7HK29mcey+lfs7TyP9K PMFd80GbNCMRDEkVjzik1q6kUAMp1Yd791MbBe1cCw== X-Received: by 2002:a24:4161:: with SMTP id x94mr1627411ita.69.1552483498279; Wed, 13 Mar 2019 06:24:58 -0700 (PDT) MIME-Version: 1.0 References: <4603533.ZIfxmiEf7K@blindfold> <1852545.qrIQg0rEWx@blindfold> <1854703.ve7plDhYWt@blindfold> In-Reply-To: <1854703.ve7plDhYWt@blindfold> From: Miklos Szeredi Date: Wed, 13 Mar 2019 14:24:47 +0100 Message-ID: Subject: Re: overlayfs vs. fscrypt To: Richard Weinberger Cc: linux-fsdevel@vger.kernel.org, linux-fscrypt@vger.kernel.org, overlayfs , linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 13, 2019 at 2:00 PM Richard Weinberger wrote: > > Am Mittwoch, 13. M=C3=A4rz 2019, 13:58:11 CET schrieb Miklos Szeredi: > > On Wed, Mar 13, 2019 at 1:47 PM Richard Weinberger wro= te: > > > > > > Am Mittwoch, 13. M=C3=A4rz 2019, 13:36:02 CET schrieb Miklos Szeredi: > > > > I don't get it. Does fscrypt try to check permissions via > > > > ->d_revalidate? Why is it not doing that via ->permission()? > > > > > > Please let me explain. Suppose we have a fscrypto directory /mnt and > > > I *don't* have the key. > > > > > > When reading the directory contents of /mnt will return an encrypted = filename. > > > e.g. > > > # ls /mnt > > > +mcQ46ne5Y8U6JMV9Wdq2C > > > > Why does showing the encrypted contents make any sense? It could just > > return -EPERM on all operations? > > The use case is that you can delete these files if the DAC/MAC permission= s allow it. > Just like on NTFS. If a user encrypts files, the admin cannot read them b= ut can > remove them if the user is gone or loses the key. There's the underlying filesystem view where admin can delete files, etc. And there's the fscrypt layer stacked on top of the underlying fs, which en/decrypts files *in case the user has the key*. What if one user has a key, but the other one doesn't? Will d_revalidate constantly switch the set of dentries between the encrypted filenames and the decrypted ones? Sounds crazy. And the fact that NTFS does this doesn't make it any less crazy... Thanks, Miklos