On Mon, Oct 15, 2007 at 07:24:11AM +0200, Alon Bar-Lev wrote:
> This key was created using ecryptfs-manager... And I can read the
> contents of it, as any other usermode application. So my conclusion
> is that it is unsecured.
The kernel user session keyring restricts access to the granularity of
Hello,
SELinux is not a solution.
What policy had you considered? That only /usr/bin/ecryptd can access
key contents? What if there are some other applications using this
interface? You need some convention for the key name... Something like
ecryptfs., so that you affect only your keys.
And of c
(adding David Howells and Serge Hallyn to the cc: list because this
deals with the proper use of the keyring and SELinux in protecting
keys)
On Mon, Oct 15, 2007 at 07:23:53PM +0200, Alon Bar-Lev wrote:
> Hello,
>
> SELinux is not a solution.
SELinux can apply types to eCryptfs-related keys in t
On Wed, Oct 10, 2007 at 10:28:50PM +0200, Alon Bar-Lev wrote:
> But it seems we have understand the the official differently, do you
> mean "binary rpm" as official and source tarball as not?
The source tarball that we post on the SourceForge site is the
"official" distribution of ecryptfs-utils.
On 10/15/07, Michael Halcrow <[EMAIL PROTECTED]> wrote:
> (adding David Howells and Serge Hallyn to the cc: list because this
> deals with the proper use of the keyring and SELinux in protecting
> keys)
I will not discuss SELinux, as it is one solution and as most users
don't use it, or don't conf
On Mon, Oct 15, 2007 at 10:23:22PM +0200, Alon Bar-Lev wrote:
> This has nothing to do with TSPI... As you need passphrase to access
> TSPI, right? And what do you do with this passphrase? Having a
> security credentials without "something you know" somewhat make the
> whole idea redundant.
TSPI s
On 10/15/07, Michael Halcrow <[EMAIL PROTECTED]> wrote:
> On Mon, Oct 15, 2007 at 10:23:22PM +0200, Alon Bar-Lev wrote:
> > This has nothing to do with TSPI... As you need passphrase to access
> > TSPI, right? And what do you do with this passphrase? Having a
> > security credentials without "somet
On Wed, Oct 10, 2007 at 10:01:13PM +0200, Alon Bar-Lev wrote:
> Another update to build system. Am am available for you, please free
> to ask any question regarding the autoconf/automake I will try my
> best to provide solutions for any issue you have.
autoreconf -i -v -f on RHEL 5 results in:
--
On Monday 15 October 2007, Michael Halcrow wrote:
> On Wed, Oct 10, 2007 at 10:01:13PM +0200, Alon Bar-Lev wrote:
> > Another update to build system. Am am available for you, please free
> > to ask any question regarding the autoconf/automake I will try my
> > best to provide solutions for any issu
On Monday 15 October 2007, Alon Bar-Lev wrote:
> On Monday 15 October 2007, Michael Halcrow wrote:
> > On Wed, Oct 10, 2007 at 10:01:13PM +0200, Alon Bar-Lev wrote:
> > > Another update to build system. Am am available for you, please free
> > > to ask any question regarding the autoconf/automake I
On Mon, Oct 15, 2007 at 11:35:45PM +0200, Alon Bar-Lev wrote:
> On Monday 15 October 2007, Michael Halcrow wrote:
> > On Wed, Oct 10, 2007 at 10:01:13PM +0200, Alon Bar-Lev wrote:
> > > Another update to build system. Am am available for you, please free
> > > to ask any question regarding the auto
There is a very simple fix for this. The key can be added to the process
keyring instead of the user keyring. A patch will need to be written to
load keys into ecryptfsd when it is started but it should be fairly simple.
Trevor
On 10/15/07, Alon Bar-Lev <[EMAIL PROTECTED]> wrote:
>
> On 10/15/07
On 10/16/07, Trevor Highland <[EMAIL PROTECTED]> wrote:
> There is a very simple fix for this. The key can be added to the process
> keyring instead of the user keyring. A patch will need to be written to
> load keys into ecryptfsd when it is started but it should be fairly simple.
>
> Trevor
Gre
On Tuesday 16 October 2007, Michael Halcrow wrote:
> ecryptfs-utils-27 is available, incorporating the changes you sent
> last week:
>
> http://downloads.sourceforge.net/ecryptfs/ecryptfs-utils-27.tar.bz2
>
> I recently received my kernel.org account, and I will be moving the
> code base to an ac
14 matches
Mail list logo
