Re: [PATCH] f2fs: support access control via key management

From: Jaegeuk Kim
Date: Tue Mar 15 2016 - 12:37:32 EST


On Tue, Mar 15, 2016 at 12:24:22AM -0700, Christoph Hellwig wrote:
> On Wed, Mar 09, 2016 at 04:52:48PM -0800, Jaegeuk Kim wrote:
> > Through this patch, user can assign its key into a specific normal files.
> > Then, other users who do not have that key cannot open the files.
> > Later, owner can drop its key from the files for other users to access
> > the files again.
> No magic file system specific access control, please:

I agree that I must follow FS convention here.
But, in order to make this clear out, could you please elaborate why this is not

I wrote this patch totally based on per-file encryption in which users cannot
access their files if they have no right key.
The only difference is that this controls user access with a key only, neither
encrypting file data nor dentries.

This was initiated by UX in android letting nobody be able to access the files
that owner wants to protect by passcode or fingerprint.

Does it make no sense to support this by filesystems?


> Nacked-by: Christoph Hellwig <hch@xxxxxx>