fscrypt.git/security, branch 0.2.2

fscrypt.git/security, branch 0.2.2 Go tool for managing Linux filesystem encryption https://git.hodgden.net/cgit.cgi/fscrypt.git/atom?h=0.2.2 2017-10-02T23:49:16Z security: Sync filesystem before dropping caches 2017-10-02T23:49:16Z Joe Richey joerichey@google.com joerichey@google.com 2017-10-02T23:49:16Z urn:sha1:c6568945adb69a3b7779c0f9e0e1f427d31209ab Fix lint 2017-09-29T10:08:03Z Joseph Richey joerichey94@gmail.com 2017-09-29T10:06:17Z urn:sha1:6f6c91993294d9bc753d22f58884dcc8e0a2f108 security: Add check option to UserKeyringID 2017-09-29T09:52:56Z Joseph Richey joerichey94@gmail.com 2017-09-29T09:52:56Z urn:sha1:4d9372795e7b53d105f69790c1d9deadbff85458 security: Change user keyring lookup algorithm 2017-09-01T07:53:07Z Joseph Richey joerichey94@gmail.com 2017-09-01T07:53:07Z urn:sha1:1ce72a7367967152948dbe332ea8d9834f194c27 Now instead of spawning a seperate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible. security: No more permenant privilege dropping 2017-09-01T07:50:42Z Joseph Richey joerichey94@gmail.com 2017-09-01T07:50:42Z urn:sha1:d5f64c1ecd8f13f01681d0a18b8f3174ff9bd225 This was creating an issue becasuse fully dropping privileges required spawning a goroutine and using rutime.DropOSThread(). security: Error if privilege reset goes wrong 2017-08-31T19:09:26Z Joe Richey joerichey@google.com 2017-08-31T19:09:26Z urn:sha1:f1bd511fff8e411687001bd8e76e8a41c9f5ff41 Fixed linter issues 2017-08-31T18:29:30Z Joe Richey joerichey@google.com 2017-08-31T18:29:30Z urn:sha1:5586bc35fbb33f20c38f52285c19c015b804ea94 security: Rewrite of keryings and permissions 2017-08-31T00:51:05Z Joe Richey joerichey@google.com 2017-08-31T00:51:05Z urn:sha1:7888645ab68ed0510ff66121f35630b11976a09f The keyring lookup functions no longer read from /proc/keys. Now they simply spawn a thread, drop privs, and check with GetKeyringID and KEY_SPEC_USER_KEYRING. See userKeyringID() for more info. The privileges functions have also been changed. Now the concept of setting privileges is seperate form the concept of setting up the keyrings. security: fscrypt now possesses the user keyring 2017-08-24T06:46:54Z Joseph Richey joerichey94@gmail.com 2017-08-24T06:46:54Z urn:sha1:7fbff9a4d531e33f3d7c7e0b9871c2e19a55bace Added some documentation and improved security API 2017-08-23T19:29:10Z Joe Richey joerichey@google.com joerichey@google.com 2017-08-23T19:29:10Z urn:sha1:b15792b8d7c197d84970415fd2525c51aee3996c