Message ID | 20210817140439.1442-1-lhenriques@suse.de (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [fscrypt,RFC,v2] ceph: don't allow changing layout on encrypted files/directories | expand |
On Tue, 2021-08-17 at 15:04 +0100, Luis Henriques wrote: > Encryption is currently only supported on files/directories with layouts > where stripe_count=1. Forbid changing layouts when encryption is involved. > > Signed-off-by: Luis Henriques <lhenriques@suse.de> > --- > Changes since v1: > - dropped changes to ceph_sync_setxattr(), MDS shall be responsible for > preventing layout changes on encrypted dirs/files > > fs/ceph/ioctl.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c > index 477ecc667aee..480d18bb2ff0 100644 > --- a/fs/ceph/ioctl.c > +++ b/fs/ceph/ioctl.c > @@ -294,6 +294,10 @@ static long ceph_set_encryption_policy(struct file *file, unsigned long arg) > struct inode *inode = file_inode(file); > struct ceph_inode_info *ci = ceph_inode(inode); > > + /* encrypted directories can't have striped layout */ > + if (ci->i_layout.stripe_count > 1) > + return -EINVAL; > + > ret = vet_mds_for_fscrypt(file); > if (ret) > return ret; Thanks Luis. I've gone ahead and merged this into my fscrypt pile.
diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c index 477ecc667aee..480d18bb2ff0 100644 --- a/fs/ceph/ioctl.c +++ b/fs/ceph/ioctl.c @@ -294,6 +294,10 @@ static long ceph_set_encryption_policy(struct file *file, unsigned long arg) struct inode *inode = file_inode(file); struct ceph_inode_info *ci = ceph_inode(inode); + /* encrypted directories can't have striped layout */ + if (ci->i_layout.stripe_count > 1) + return -EINVAL; + ret = vet_mds_for_fscrypt(file); if (ret) return ret;
Encryption is currently only supported on files/directories with layouts where stripe_count=1. Forbid changing layouts when encryption is involved. Signed-off-by: Luis Henriques <lhenriques@suse.de> --- Changes since v1: - dropped changes to ceph_sync_setxattr(), MDS shall be responsible for preventing layout changes on encrypted dirs/files fs/ceph/ioctl.c | 4 ++++ 1 file changed, 4 insertions(+)