korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fscrypt: document that CephFS supports fscrypt now

Browse Source 
The help text for CONFIG_FS_ENCRYPTION and the fscrypt.rst documentation
file both list the filesystems that support fscrypt.  CephFS added
support for fscrypt in v6.6, so add CephFS to the list.

Link: https://lore.kernel.org/r/20231227045158.87276-1-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
This commit is contained in:
Eric Biggers 2023-12-26 22:51:58 -06:00
parent 0fc24a6549
commit c1f1f5bf41
2 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Documentation/filesystems/fscrypt.rst
View File

@ -31,15 +31,15 @@ However, except for filenames, fscrypt does not encrypt filesystem
metadata. metadata.
Unlike eCryptfs, which is a stacked filesystem, fscrypt is integrated Unlike eCryptfs, which is a stacked filesystem, fscrypt is integrated
directly into supported filesystems --- currently ext4, F2FS, and directly into supported filesystems --- currently ext4, F2FS, UBIFS,
UBIFS. This allows encrypted files to be read and written without and CephFS. This allows encrypted files to be read and written
caching both the decrypted and encrypted pages in the pagecache, without caching both the decrypted and encrypted pages in the
thereby nearly halving the memory used and bringing it in line with pagecache, thereby nearly halving the memory used and bringing it in
unencrypted files. Similarly, half as many dentries and inodes are line with unencrypted files. Similarly, half as many dentries and
needed. eCryptfs also limits encrypted filenames to 143 bytes, inodes are needed. eCryptfs also limits encrypted filenames to 143
causing application compatibility issues; fscrypt allows the full 255 bytes, causing application compatibility issues; fscrypt allows the
bytes (NAME_MAX). Finally, unlike eCryptfs, the fscrypt API can be full 255 bytes (NAME_MAX). Finally, unlike eCryptfs, the fscrypt API
used by unprivileged users, with no need to mount anything. can be used by unprivileged users, with no need to mount anything.
fscrypt does not support encrypting files in-place. Instead, it fscrypt does not support encrypting files in-place. Instead, it
supports marking an empty directory as encrypted. Then, after supports marking an empty directory as encrypted. Then, after

2
fs/crypto/Kconfig
View File

@ -11,7 +11,7 @@ config FS_ENCRYPTION
feature is similar to ecryptfs, but it is more memory feature is similar to ecryptfs, but it is more memory
efficient since it avoids caching the encrypted and efficient since it avoids caching the encrypted and
decrypted pages in the page cache. Currently Ext4, decrypted pages in the page cache. Currently Ext4,
F2FS and UBIFS make use of this feature. F2FS, UBIFS, and CephFS make use of this feature.
# Filesystems supporting encryption must select this if FS_ENCRYPTION. This # Filesystems supporting encryption must select this if FS_ENCRYPTION. This
# allows the algorithms to be built as modules when all the filesystems are, # allows the algorithms to be built as modules when all the filesystems are,