Re: [PATCH] f2fs: support access control via key management

From: Christoph Hellwig
Date: Mon Mar 21 2016 - 11:39:51 EST


On Tue, Mar 15, 2016 at 09:37:25AM -0700, Jaegeuk Kim wrote:
> I agree that I must follow FS convention here.
> But, in order to make this clear out, could you please elaborate why this is not
> allowed?
>
> I wrote this patch totally based on per-file encryption in which users cannot
> access their files if they have no right key.
> The only difference is that this controls user access with a key only, neither
> encrypting file data nor dentries.
>
> This was initiated by UX in android letting nobody be able to access the files
> that owner wants to protect by passcode or fingerprint.
>
> Does it make no sense to support this by filesystems?

I don't think it does. But if you want to argue for it you should

a) support it in the VFS
b) document the exact semantics
c) ensure linux-man and linux-api are on the Cc list.