Bug 78544

Summary: [RFE] add encrypted file system support
Product: [Retired] Red Hat Linux Reporter: Michael Lee Yohe <michael>
Component: distributionAssignee: Arjan van de Ven <arjanv>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: notting, sam, sopwith
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-12-09 17:46:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Lee Yohe 2002-11-25 15:37:27 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830

Description of problem:
Encrypted file system support is becoming a feature necessary in securing
systems - it's being adopted by other distributions and is a standard feature
available on many operating systems (especially the dominant Windows 2000/XP). 
This is particularly handy for the enterprise in adopting Red Hat Linux
installed on laptops and mobile computing devices that could potentially handle
important data that should not fall into the wrong hands.

There are various methods and drivers that currently work with the Linux kernel
- some are non-interference implementations (mostly reside in the user level and
are easily modified/setup via the loopback device).  Some are on the low-level
parts of the kernel - which could cause problems in kernel maintenance and
platform independence.

As it stands, adding a kernel "hook" for a usermode driver, and adding user-land
utilities to setup loopback devices and a simple loopback file to store
encrypted data would be a big plus, since the operating system itself does not
necessarily be encrypted (for speed purposes).  Only sections of the operating
system needs to be encrypted, as well as some installed applications
(/etc/passwd, /opt/secure??) would need to be encrypted.

I believe a nicely streamlined setup application combined with this module would
help Red Hat Linux adoption for mobile computing devices and laptops.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. see description.	

Actual Results:  No existence of a method to encrypt file system data.

Expected Results:  kernel level support for encrypted file systems.
user-level applications to setup encrypted file systems.

Additional info:
Comment 1 Arjan van de Ven 2002-11-25 15:39:28 UTC 
ehm please check again; the 8.0 kernel HAS loop encryption support
Comment 2 Michael Lee Yohe 2002-12-05 15:04:34 UTC 
In reference to Bug 56698, the distribution should have a method of configuring
an encrypted file system.  I am currently working on a GTK2 application that
will handle this on a per-user level (configurable by root) - however,
non-functional (out-of-the-box) loopback encryption support for filesystems _in
the distribution_  prevents this capability (as it stands).

Should this be Bill's RFE bug?
Comment 3 Bill Nottingham 2002-12-09 17:46:48 UTC 
Elliot, can we pull in the util-linux bits?
Comment 4 Elliot Lee 2002-12-09 17:56:09 UTC 
Would like to use whatever the upstream util-linux maintainer decides to accept.

I will e-mail him again to find out what the status is.

Until there's a util-linux with crypto support included, I don't want to add support in the RH 
package by choosing from the umpteen patch sets out there.

*** This bug has been marked as a duplicate of 56698 ***