Re: partially encrypted filesystem

From: Charles Manning
Date: Wed Dec 03 2003 - 21:31:38 EST

Next message: Greg KH: "Re: Why is hotplug a kernel helper?"
Previous message: Linus Torvalds: "Re: partially encrypted filesystem"
In reply to: H. Peter Anvin: "Re: partially encrypted filesystem"
Next in thread: Jörn Engel: "Re: partially encrypted filesystem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> ** NOTE NOTE NOTE **
>
> If you don't need to mmap() the files, writing becomes much easier.
> Because then you can make rules like "the page cache accesses always
> happen with the page locked", and then the encryption layer can do the
> encryption in-place.
>
> So it is potentially much easier to make encrypted files a special case,
> and disallow mmap on them, and also disallow concurrent read/write on
> encrypted files. This may be acceptable for a lot of uses (most programs
> still work without mmap - but you won't be able to encrypt demand-loaded
> binaries, for example).
>

Is there a useful half-way point here: how about supporting mmap reading but
not mmap writing. JFFS2, which incidentally also does compression, does this
to allow execution of binaries.

-- Charles
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: Why is hotplug a kernel helper?"
Previous message: Linus Torvalds: "Re: partially encrypted filesystem"
In reply to: H. Peter Anvin: "Re: partially encrypted filesystem"
Next in thread: Jörn Engel: "Re: partially encrypted filesystem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]