Bug 457143

Summary: RHEL5.3: misc ecryptfs fixes from 2.6.27
Product: Red Hat Enterprise Linux 5 Reporter: Eric Sandeen <esandeen>
Component: kernelAssignee: Eric Sandeen <esandeen>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: low Docs Contact:
Priority: low    
Version: 5.3CC: ddomingo, dzickus
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The following caveats apply to this release of eCryptfs: * Note that the eCryptfs file system will only work properly if the encrypted file system is mounted once over the underlying directory of the same name. For example: mount -t ecryptfs /mnt/secret /mnt/secret The secured portion of the file system should not be exposed, i.e. it should not be mounted to other mount points, bind mounts, and the like. * eCryptfs mounts on networked file systems (e.g. NFS, Samba) will not work properly. * This version of the eCryptfs kernel driver requires updated userspace, provided by ecryptfs-utils-56-4.el5 or newer.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-20 20:22:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 454962    

Description Eric Sandeen 2008-07-29 20:42:38 UTC 
There are several more ecryptfs fixes from the 2.6.27 stream that we want to
pick up for RHEL5.3.  Some address other bugs already and will be checked in
under those, but for those that are still bug-less, I'd like to get them into
the kernel tree under this bug:

Harvey Harrison         ecryptfs: inode.c mmap.c use unaligned byteorder helpers
Harvey Harrison         ecryptfs: crypto.c use unaligned byteorder helpers
Miklos Szeredi          ecryptfs: string copy cleanup
Tyler Hicks             ecryptfs: discard ecryptfsd registration messages in ...
Michael Halcrow         eCryptfs: Privileged kthread for lower file opens
Comment 1 RHEL Program Management 2008-07-29 20:53:00 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 4 Don Zickus 2008-09-15 14:18:21 UTC 
in kernel-2.6.18-115.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 7 Linda Wang 2008-10-15 22:19:44 UTC 
*** Bug 449668 has been marked as a duplicate of this bug. ***
Comment 8 Eric Sandeen 2008-10-23 17:55:56 UTC 
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
(Please feel free to help wordsmith this...)

The eCryptfs filesystem is a POSIX-compliant stacked cryptographic filesystem for Linux.

This release of eCryptfs is supported for a specific configuration of mount points; namely, that the encrypted filesystem is mounted once, over the underlying directory of the same name, i.e.:

# mount -t ecryptfs /mnt/secret /mnt/secret

The underlying portion of the filesystem should not be exposed for direct manipulation via mounting to other mount points, bind mounts, etc.

Also, eCryptfs mounts on networked filesystems (NFS, samba, etc) are not supported.

This version of the eCryptfs kernel driver requires updated userspace, ecryptfs-utils-56-4.el5 or newer.
Comment 10 Don Domingo 2008-11-21 02:11:53 UTC 
Release note updated. If any revisions are required, please set the 
"requires_release_notes"  flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

Diffed Contents:
@@ -1,13 +1,11 @@
-(Please feel free to help wordsmith this...)
+The following caveats apply to this release of eCryptfs:
 
-The eCryptfs filesystem is a POSIX-compliant stacked cryptographic filesystem for Linux.
+* Note that the eCryptfs file system will only work properly if the encrypted file system is mounted once over the underlying directory of the same name. For example:
 
-This release of eCryptfs is supported for a specific configuration of mount points; namely, that the encrypted filesystem is mounted once, over the underlying directory of the same name, i.e.:
+mount -t ecryptfs /mnt/secret /mnt/secret
 
-# mount -t ecryptfs /mnt/secret /mnt/secret
+The secured portion of the file system should not be exposed, i.e. it should not be mounted to other mount points, bind mounts, and the like. 
 
-The underlying portion of the filesystem should not be exposed for direct manipulation via mounting to other mount points, bind mounts, etc.
+* eCryptfs mounts on networked file systems (e.g. NFS, Samba) will not work properly.
 
-Also, eCryptfs mounts on networked filesystems (NFS, samba, etc) are not supported.
+* This version of the eCryptfs kernel driver requires updated userspace, provided by ecryptfs-utils-56-4.el5 or newer.-
-This version of the eCryptfs kernel driver requires updated userspace, ecryptfs-utils-56-4.el5 or newer.
Comment 12 errata-xmlrpc 2009-01-20 20:22:34 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-0225.html