Comments (6)
josephlr
commented on May 5, 2024
@limbo127 do you not want to have to create /etc/fscrypt.conf at all? Or do you just need a way to override parameters in it for a specific call?
from fscrypt.
limbo127
commented on May 5, 2024
Hello,
It’s ok by modify path in code, so a mention in readme should be fine
Regards,
Nicolas
Le dim. 8 oct. 2017 à 09:16, Joseph Richey <[email protected]> a
écrit :
… @limbo127 <https://github.com/limbo127> do you not want to have to create
/etc/fscrypt.conf at all? Or do you just need a way to override parameters
in it for a specific call?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#72 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABgm0BAMxswOGl-6yuE7AHR6BtrHq8Pfks5sqHbLgaJpZM4PwIqZ>
.
from fscrypt.
fristonio
commented on May 5, 2024
@josephlr What are we planning to do in this. I think providing a command line flag to specify custom configuration file is a good idea, or else we can also have an environment variable(like FSCRYPT_CONFIG) specifying the config file path.
I can work on this.
from fscrypt.
josephlr
commented on May 5, 2024
@fristonio My idea here was to basically allow /etc/fscrypt.conf to exist in multiple places, and then define a sane ordering to look though them, overriding settings as we go. My thoughts on the order (basically from lower to higher priority):
- Compiled in application defaults
/etc/fscrypt.conf- User configuration dirs as specified by the XDG Specification. This basically means we search for
$XDG_CONFIG_HOME/fscrypt/fscrypt.configaka~/.config/fscrypt/fscrypt.conf. - A flag passed in naming a file to be used. This could also be parameters for each option, but a command line flag seems better.
Thoughts? This change also means that we could remove certain things we write to /etc/fscrypt.conf by default. For example, if the file encryption mode isn't set, the fscrypt binary could chose the "best" algorithm avalible on the system.
from fscrypt.
fristonio
commented on May 5, 2024
Yeah, this looks good to me. A few things though.
Compiled in application defaults
I don't understand this. Are you trying to say that /etc/fscrypt.conf shouldn't be the default but the one specified by user during compile time should be used as default?
if the file encryption mode isn't set, the fscrypt binary could chose the "best" algorithm avalible on the system?
We don't do this now?
from fscrypt.
ebiggers
commented on May 5, 2024
A while ago, 31bc8c8 added a FSCRYPT_CONF environmental variable for testing purposes. I'm not sure whether we should just document that and consider this issue closed, or whether we should still implement the more complex design described in #72 (comment). It might be best to keep things simple for now.
from fscrypt.
Related Issues (20)
- fscrypt master key handling at kernel space adding additional secure params. HOT 2
- In fscrypt user space, after removing the key from key ring, the encrypted directories file names continues to be in clear form. HOT 2
- Support for individual files to assigned instead of directory level HOT 3
- "fscrypt metadata add-protector-to-policy" doesn't work in key files HOT 1
- Poor scriptability due to --name not being easily checkable HOT 2
- failureExitCode should return higher number than 1 if user tries to lock an already locked file
- Deleting files from folder encrypted with fscrypt HOT 4
- Partial Decrypt HOT 3
- fscrypt tests fail on non x86_64 arches (aarch64, ppc64le, s390x) HOT 7
- How to resolve "Some processes can't access unlocked encrypted files"? HOT 2
- Should we make the fscrypt metadata harder to delete? HOT 2
- multiple login nodes (multiple lustre client), how should I correctly apply the fscrypt tool to encrypt files under shared storage? HOT 1
- Unlocking of encrypted directory inside of disk partition image does not work while fscrypt confirms "ready for use" HOT 4
- Generate `fscrypt.conf` with Adiantum as the encryption mode HOT 2
- How to unlock encrypted regular files located in an unencrypted directory? HOT 8
- Obscure error message due to process address space limit HOT 5
- A question: how does diectory know what policy protects it? HOT 12
- Is it good Idea to copy and reuse policy on other device? Is it good idea to copy and reuse a protector? HOT 2
- fscrypt on CephFS does not recognize locked directories upon remount HOT 7
- fscrypt on CephFS: no buffer space available HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fscrypt.