Eric Biggers
Eric Biggers
I'd prefer `-O encrypt`, though I am biased because I maintain the encryption support. There are kernel and e2fsprogs patches in progress to support `encrypt` and `casefold` together, but they...
> There are kernel and e2fsprogs patches in progress to support `encrypt` and `casefold` together, but they are taking longer than expected. An update on this: ext4 supports `encrypt` and...
> Let's wait for @ebiggers, I think it's close to his area of expertise. Not that close. I don't work on IMA or EVM.
Re-opening this issue because there should be a way to do this. (There might already be a way, but it needs to be documented.)
We already discussed the unlocked directory list when you asked at https://github.com/google/fscrypt/issues/157, and I explained that it isn't really possible given how Linux native filesystem encryption works --- though `fscrypt`...
The following should do it: `make bin/fscrypt` That builds just the `fscrypt` binary, not the PAM module `pam_fscrypt.so`. See https://github.com/google/fscrypt/blob/master/README.md#building-and-installing
This is the same deadlock in the Go runtime that I saw while investigating [why `pam_fscrypt` doesn't work with `sshd`'s ChallengeResponseAuthentication](https://github.com/google/fscrypt/issues/321#issuecomment-998978396). This happens when the process logging in the user...
> Is there a way that pam_fscrypt can detect the situation, and peace out with a explanation if it's present? That would at least address the bad behavior, and put...
While an example spec file could be provided, in the end distros are responsible for their own packaging. Has a Fedora bug been filed to request that `fscrypt` be packaged...
A while ago, 31bc8c843e1862b2d28f31eff85eca3d1dbd4754 added a `FSCRYPT_CONF` environmental variable for testing purposes. I'm not sure whether we should just document that and consider this issue closed, or whether we should...