diff options
author | Kees Cook <keescook@chromium.org> | 2013-02-28 00:39:37 -0800 |
---|---|---|
committer | Tyler Hicks <tyhicks@canonical.com> | 2013-03-03 23:59:59 -0800 |
commit | 290502bee239062499297916bb7d21d205e99d62 (patch) | |
tree | a9ec1729138c7f71c1c4e3e09ce12cf40db767e3 /fs/ecryptfs/Kconfig | |
parent | 1111eae90fb64a9d9ed133e410712f1e34fdce4a (diff) |
eCryptfs: allow userspace messaging to be disabled
When the userspace messaging (for the less common case of userspace key
wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with
it removed. This saves on kernel code size and reduces potential attack
surface by removing the /dev/ecryptfs node.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Diffstat (limited to 'fs/ecryptfs/Kconfig')
-rw-r--r-- | fs/ecryptfs/Kconfig | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/fs/ecryptfs/Kconfig b/fs/ecryptfs/Kconfig index cc16562654de..1f63120b669a 100644 --- a/fs/ecryptfs/Kconfig +++ b/fs/ecryptfs/Kconfig @@ -12,3 +12,11 @@ config ECRYPT_FS To compile this file system support as a module, choose M here: the module will be called ecryptfs. + +config ECRYPT_FS_MESSAGING + bool "Enable notifications for userspace key wrap/unwrap" + depends on ECRYPT_FS + help + Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows + for userspace to wrap/unwrap file encryption keys by other + backends, like OpenSSL. |