Eric Biggers
Eric Biggers
If it's a deliberate design decision, it's wrong. This makes reproducers far too hard to understand. Once the mapping gets replaced, syzkaller will add "syscalls" just to cause itself to...
In this case, the underlying kernel design flaw (userspace can write to pagecache of mounted block device) has already been reported many times by syzbot. So the report provides no...
To be super clear: writing to files is fine. The specific issue is how syzkaller maps a file over the scratch space, and then writes to that file **as a...
It looks like a new option needs to be added to allow specifying the key that unlocks the policy separately from the key that unlocks the protector.
This should work, and it does work on other filesystems. Please report this to the CephFS developers.
Closing as this is now tracked in the CephFS bug tracker https://tracker.ceph.com/issues/63939.
`fscrypt` login protectors are always stored in the root directory, for the reasons mentioned at https://github.com/google/fscrypt/issues/164#issuecomment-554024149. So they're local to the system. I think this is the first time that...
> I think they wanted to rework this, adding a mode that makes no weird keyring restrictions like that. Not sure where that went though. > So it appears this...
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY can be used with v1 encryption policies too, but there are some limitations. v2 is needed to get the full benefits. I don't think a migration path...