• Tyler Hicks's avatar
    eCryptfs: Force RO mount when encrypted view is enabled · c1b5e3f8
    Tyler Hicks authored
    commit 332b122d upstream.
    
    The ecryptfs_encrypted_view mount option greatly changes the
    functionality of an eCryptfs mount. Instead of encrypting and decrypting
    lower files, it provides a unified view of the encrypted files in the
    lower filesystem. The presence of the ecryptfs_encrypted_view mount
    option is intended to force a read-only mount and modifying files is not
    supported when the feature is in use. See the following commit for more
    information:
    
      e77a56dd [PATCH] eCryptfs: Encrypted passthrough
    
    This patch forces the mount to be read-only when the
    ecryptfs_encrypted_view mount option is specified by setting the
    MS_RDONLY flag on the superblock. Additionally, this patch removes some
    broken logic in ecryptfs_open() that attempted to prevent modifications
    of files when the encrypted view feature was in use. The check in
    ecryptfs_open() was not sufficient to prevent file modifications using
    system calls that do not operate on a file descriptor.
    Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
    Reported-by: default avatarPriya Bansal <p.bansal@samsung.com>
    Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
    c1b5e3f8
main.c 25.3 KB