Isn't it time for the encrypted file system???
Christopher Blizzard
blizzard at redhat.com
Sat Mar 25 15:38:30 UTC 2006
David Zeuthen wrote:
> (btw, for FC6 and GNOME 2.16 I hope to have a very simple formatting /
> partitioning tool for drives which will include setting up LUKS
> partitions - and it won't do silly things like requiring the root
> password (in the default install; will be configurable) for at least
> removable and hotpluggable media. Of course I can't promise to have this
> done for FC6 as I presently do most of this in my spare time...)
Is there any chance that we can come up with something that doesn't
require something that's block-level and requires repartitioning? The
migration path pretty much sucks if we don't try for something else.
Hmm. Can we do something like this when someone sets up an encrypted
home directory:
o Identify all the files that descend from that user's home directory
o Identify all the blocks that are associated with those files
o Encrypt those blocks
The trick here is that every file below that tree also has to be
encrypted over time. Maybe we could use some interesting mix of xattrs
and kernel hooks when you open one of the xattributed files? Doesn't
selinux have some hooks like this? (Everything below this directory has
policy X...)
--Chris
More information about the Fedora-maintainers
mailing list