On Fri, Jul 26, 2019 at 03:41:37PM -0700, Eric Biggers wrote:
> From: Eric Biggers <[email protected]>
>
> By looking up the master keys in a filesystem-level keyring rather than
> in the calling processes' key hierarchy, it becomes possible for a user
> to set an encryption policy which refers to some key they don't actually
> know, then encrypt their files using that key. Cryptographically this
> isn't much of a problem, but the semantics of this would be a bit weird.
> Thus, enforce that a v2 encryption policy can only be set if the user
> has previously added the key, or has capable(CAP_FOWNER).
>
> We tolerate that this problem will continue to exist for v1 encryption
> policies, however; there is no way around that.
>
> Signed-off-by: Eric Biggers <[email protected]>

Looks good, feel free to add:

Reviewed-by: Theodore Ts'o <[email protected]>

- Ted
