summaryrefslogtreecommitdiff
path: root/fs/ecryptfs/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2013-02-28 12:39:37 +0400
committerTyler Hicks <tyhicks@canonical.com>2013-03-04 11:59:59 +0400
commit290502bee239062499297916bb7d21d205e99d62 (patch)
treea9ec1729138c7f71c1c4e3e09ce12cf40db767e3 /fs/ecryptfs/Kconfig
parent1111eae90fb64a9d9ed133e410712f1e34fdce4a (diff)
downloadlinux-290502bee239062499297916bb7d21d205e99d62.tar.xz
eCryptfs: allow userspace messaging to be disabled
When the userspace messaging (for the less common case of userspace key wrap/unwrap via ecryptfsd) is not needed, allow eCryptfs to build with it removed. This saves on kernel code size and reduces potential attack surface by removing the /dev/ecryptfs node. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Diffstat (limited to 'fs/ecryptfs/Kconfig')
-rw-r--r--fs/ecryptfs/Kconfig8
1 files changed, 8 insertions, 0 deletions
diff --git a/fs/ecryptfs/Kconfig b/fs/ecryptfs/Kconfig
index cc16562654de..1f63120b669a 100644
--- a/fs/ecryptfs/Kconfig
+++ b/fs/ecryptfs/Kconfig
@@ -12,3 +12,11 @@ config ECRYPT_FS
To compile this file system support as a module, choose M here: the
module will be called ecryptfs.
+
+config ECRYPT_FS_MESSAGING
+ bool "Enable notifications for userspace key wrap/unwrap"
+ depends on ECRYPT_FS
+ help
+ Enables the /dev/ecryptfs entry for use by ecryptfsd. This allows
+ for userspace to wrap/unwrap file encryption keys by other
+ backends, like OpenSSL.