Re: partially encrypted filesystem

From: Charles Manning
Date: Wed Dec 03 2003 - 21:31:38 EST

> If you don't need to mmap() the files, writing becomes much easier.
> Because then you can make rules like "the page cache accesses always
> happen with the page locked", and then the encryption layer can do the
> encryption in-place.
> So it is potentially much easier to make encrypted files a special case,
> and disallow mmap on them, and also disallow concurrent read/write on
> encrypted files. This may be acceptable for a lot of uses (most programs
> still work without mmap - but you won't be able to encrypt demand-loaded
> binaries, for example).

Is there a useful half-way point here: how about supporting mmap reading but
not mmap writing. JFFS2, which incidentally also does compression, does this
to allow execution of binaries.

-- Charles
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at