RHEL5.2 has ecryptfs-utils-41 as tech preview; upstream has moved on to ecryptfs-utils-45 with a handful of fixes, enhancements, and documentation updates. It seems reasonable to me to go ahead and pull in these upstream changes for 5.3. Thanks, -Eric
(incidentally Mike, we should upate at least rawhide with this version first; probably also F9, good to get that airtime on Fedora) Thanks, -Eric
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
This bug needs a review from the component owner before granting Devel ACK. Thanks, Read ya, Phil
Per the new kernel code I submitted today we need at least -44 for things to keep working. Mike had told me that there was a module param to keep using netlink, but in fact miscdev is hard-coded, and we'll need -44 or greater. Thanks, -Eric
Looks like there's some good stuff we may well need/want for some of our own userspace integration aspirations that'll be in ecryptfs-utils -50 or so (stuff that just went in after -49 was tagged, plus some additional pending work).
version 56 has fixes for namespace problems as well as documentation fixes. As some mount parameters have changed, most testcases need to be changed as well.
this bug is now documented in the RHEL5.3 release notes. please refer to the following link within the next 24 hours or so to view the most current build: http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.3/html-single/Release_Notes/
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: eCryptfs is a stacked cryptographic file system for Linux. It mounts on individual directories in existing mounted lower file systems such as EXT3; there is no need to change existing partitions or file systems in order to start using eCryptfs. With this release, eCryptfs has been re-based to upstream version 56, which provides several bug fixes and enhancements. In addition, this update provides a graphical program to help configure eCryptfs (ecryptfs-mount-helper-gui). This update also changes the syntax of certain eCryptfs mount options. If you choose to update to this version of eCryptfs, you should update any affected mount scripts and /etc/fstab entries. For information about these changes, refer to man ecryptfs. For more information about eCryptfs, refer to http://ecryptfs.sf.net. You can also refer to http://ecryptfs.sourceforge.net/README and http://ecryptfs.sourceforge.net/ecryptfs-faq.html for basic setup information.
Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1,4 +1,8 @@ -eCryptfs is a stacked cryptographic file system for Linux. It mounts on individual directories in existing mounted lower file systems such as EXT3; there is no need to change existing partitions or file systems in order to start using eCryptfs. - With this release, eCryptfs has been re-based to upstream version 56, which provides several bug fixes and enhancements. In addition, this update provides a graphical program to help configure eCryptfs (ecryptfs-mount-helper-gui). - This update also changes the syntax of certain eCryptfs mount options. If you choose to update to this version of eCryptfs, you should update any affected mount scripts and /etc/fstab entries. For information about these changes, refer to man ecryptfs. +The following caveats apply to this release of eCryptfs: + Note that the eCryptfs file system will only work properly if the encrypted file system is mounted once over the underlying directory of the same name. For example: +mount -t ecryptfs /mnt/secret /mnt/secret + The secured portion of the file system should not be exposed, i.e. it should not be mounted to other mount points, bind mounts, and the like. +eCryptfs mounts on networked file systems (e.g. NFS, Samba) will not work properly. + This version of the eCryptfs kernel driver requires updated userspace, which is provided by ecryptfs-utils-56-4.el5 or newer. + The eCryptfs graphical user interface has been removed. For more information about eCryptfs, refer to http://ecryptfs.sf.net. You can also refer to http://ecryptfs.sourceforge.net/README and http://ecryptfs.sourceforge.net/ecryptfs-faq.html for basic setup information.
Release note updated. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -4,5 +4,5 @@ The secured portion of the file system should not be exposed, i.e. it should not be mounted to other mount points, bind mounts, and the like. eCryptfs mounts on networked file systems (e.g. NFS, Samba) will not work properly. This version of the eCryptfs kernel driver requires updated userspace, which is provided by ecryptfs-utils-56-4.el5 or newer. - The eCryptfs graphical user interface has been removed. + For more information about eCryptfs, refer to http://ecryptfs.sf.net. You can also refer to http://ecryptfs.sourceforge.net/README and http://ecryptfs.sourceforge.net/ecryptfs-faq.html for basic setup information.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0203.html