Bug 694197 - [6.2 FEAT] Inclusion of upstream eCryptfs kernel fixes
Summary: [6.2 FEAT] Inclusion of upstream eCryptfs kernel fixes
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: kernel
Version: 6.3
Hardware: All
OS: All
medium
medium
Target Milestone: beta
: 6.3
Assignee: Sayan Saha
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks: 704634 705085
 
Reported: 2011-04-06 17:41 UTC by IBM Bug Proxy
Modified: 2011-10-13 15:09 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-26 18:37:22 UTC
Target Upstream Version:




Links
System ID Private Priority Status Summary Last Updated
IBM Linux Technology Center 69758 0 None None None Never

Description IBM Bug Proxy 2011-04-06 17:41:23 UTC
1. Feature Overview:
Feature Id: [69758]
a. Name of Feature: [6.2 FEAT] Inclusion of upstream eCryptfs kernel fixes
b. Feature Description
Please backport upstream eCryptfs kernel fixes. Once the upstream deadlines begin to approach for
each distro, I'll provide a list of mainline kernel git commit IDs that I'll be backporting.

2. Feature Details:
Sponsor: LTC Security
Architectures: ppc64, x86, x86_64, zSeries - 31/32 compat, zSeries - 31/32 Native, zSeries - 64 native
Arch Specificity: purely common code
Affects Kernel Modules: Yes
Delivery Mechanism: Backport
Category: kernel
Request Type: Package - Feature from Upstream
d. Upstream Acceptance: In Progress
Sponsor Priority P2
f. Severity: normal
IBM Confidential: No
Code Contribution: ---
g. Component Version Target: ---

3. Business Case
Kernel fixes having an impact on performance, security, lower filesystem support and data integrity
should be backported to meet users' expectations of eCryptfs.

4. Primary contact at Red Hat:
John Jarvis, jjarvis

5. Primary contacts at Partner:
Project Management Contact:
Stephanie A. Glass, sglass.com

Technical contact(s):
TYLER C. HICKS, tchicks.com

Comment 2 RHEL Program Management 2011-04-06 17:43:35 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 3 Ric Wheeler 2011-04-06 18:25:24 UTC
Please note that ecryptfs is still tech preview and we are seriously considering removing it from upcoming RHEL releases unless we see a clear, compelling business case.

If you have something to share, we would love to have feedback.

Thanks!

Comment 4 IBM Bug Proxy 2011-04-28 01:30:27 UTC
------- Comment From tyhicks.ibm.com 2011-04-27 21:29 EDT-------
(In reply to comment #5)
> Please note that ecryptfs is still tech preview and we are seriously
> considering removing it from upcoming RHEL releases unless we see a clear,
> compelling business case.
>
> If you have something to share, we would love to have feedback.

Hello Ric - eCryptfs, which provides per-file encryption, becomes much more interesting when looking at cloud security needs. Providing secure multi-tenancy, in the cloud storage model, is the most obvious use case.

Offline client data separation in which clients self-manage encryption leverages the flexibility of eCryptfs to work with other filesystems.

Kernel 2.6.39 should release with basic support for eCryptfs to work with NFSv3 clients. Future goals include eCryptfs working with the 9p client and possibly NFSv4 clients.

As the eCryptfs kernel maintainer, I recognize that the current stacked-filesystem design is more complex than it needs to be and am interested in moving eCryptfs lower into the VFS and individual file system code. This would relieve eCryptfs of worrying about stacking issues and simply focus on what matters - encryption, key management, file integrity, etc.

Please let me know if you have any other questions.

Tyler

Comment 5 Ric Wheeler 2011-04-28 02:00:08 UTC
Hi Tyler,

We have been looking hard to see solid interest in ecryptfs - not a lot of uptake in our current field, so we are thinking about dropping it from RHEL.

It would be great to have a call with you & Sayan (our product management lead for FS) to help evaluate this before things get chopped :)

Comment 6 Sayan Saha 2011-05-26 18:37:22 UTC
Based on the current priorities eCryptFS is being dropped from tech-preview status in RHEL 6. We kept it in Technology Preview for a long time but have not seen any uptake in either usage or interest. We may re-consider its inclusion in a later RHEL release based on demand and interest.

Comment 7 IBM Bug Proxy 2011-05-26 21:20:17 UTC
------- Comment From sglass.com 2011-05-26 17:14 EDT-------
Red Hat, we are deferring this feature until RHEL 6.3.

Comment 8 Eddie Garcia 2011-06-29 22:07:25 UTC
We use ecryptfs in our products for Transparent Data Encryption. We have customers on RHEL among other distributions and if ecryptfs is dropped this will prevent our current customers from upgrading to RHEL 6 to say the least. With all the latest security breaches it is difficult to understand why a security feature would be dropped from RHEL and also considering that other distributions continue to support ecryptfs.

Encryption is a requirement for many regulations like PCI, HIPAA or FERPA; ecryptfs is currently used to address these regulations.

Some of our customers are listed on our website, but many others are not and all these customers will not be happy about ecryptfs being dropped from RHEL.

Eddie Garcia
VP of Development
www.gazzang.com

