eCryptfs: allow userspace messaging to be disabled When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com>

commit: 290502bee239062499297916bb7d21d205e99d62 [log] [tgz]
author: Kees Cook <keescook@chromium.org> Thu Feb 28 00:39:37 2013 -0800
committer: Tyler Hicks <tyhicks@canonical.com> Sun Mar 03 23:59:59 2013 -0800
tree: a9ec1729138c7f71c1c4e3e09ce12cf40db767e3
parent: 1111eae90fb64a9d9ed133e410712f1e34fdce4a [diff] [blame]
diff --git a/fs/ecryptfs/Kconfig b/fs/ecryptfs/Kconfig
index cc16562..1f63120 100644
--- a/fs/ecryptfs/Kconfig
+++ b/fs/ecryptfs/Kconfig

@@ -12,3 +12,11 @@
 
 	  To compile this file system support as a module, choose M here: the
 	  module will be called ecryptfs.
+
+config ECRYPT_FS_MESSAGING
+	bool "Enable notifications for userspace key wrap/unwrap"
+	depends on ECRYPT_FS
+	help
+	  Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows
+	  for userspace to wrap/unwrap file encryption keys by other
+	  backends, like OpenSSL.
commit	290502bee239062499297916bb7d21d205e99d62	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Thu Feb 28 00:39:37 2013 -0800
committer	Tyler Hicks <tyhicks@canonical.com>	Sun Mar 03 23:59:59 2013 -0800
tree	a9ec1729138c7f71c1c4e3e09ce12cf40db767e3
parent	1111eae90fb64a9d9ed133e410712f1e34fdce4a [diff] [blame]