Age | Commit message | Author
2017-10-03 | Merge pull request #68 from dvrkps/patch-1 | Joseph Richey
travis: update go version
2017-10-03 | travis: update go version | Davor Kapsa
2017-10-02 | Merge pull request #67 from google/sync | Joseph Richey
security: Sync filesystem before dropping caches
2017-10-02 | security: Sync filesystem before dropping caches | Joe Richey joerichey@google.com
2017-09-29 | Merge pull request #64 from google/new_values | Joseph Richey
Update all external dependencies to the latest version
2017-09-29 | Merge pull request #65 from google/session_keyring | Joseph Richey
security: Add check option to UserKeyringID
2017-09-29 | vendor: Just add windows to make govendor work | Joseph Richey
2017-09-29 | Fix lint | Joseph Richey
2017-09-29 | security: Add check option to UserKeyringID | Joseph Richey
2017-09-29 | metadata: Add new encryption modes | Joseph Richey
2017-09-29 | Makefile: Don't update dependencies w/ "make all" | Joseph Richey
2017-09-29 | vendor: Update to latest versions | Joseph Richey
This changes the vendored sources of github.com/golang/protobuf, golang.org/x/crypto/ssh, and golang.org/x/sys/unix to be the current master versions.
2017-09-06 | Fixes logging string for policies | Joseph Richey
We should always log the descriptor not the entire policy structure.
2017-09-01 | Merge pull request #56 from google/panics (v0.2.1, 0.2.1) | Joseph Richey
Fixed failures in PAM module
2017-09-01 | cmd/fscrypt: Add explanations for keyring failures | Joseph Richey
Now the user is presented with help when they try to access a keyring that isn't theirs or try to use fscrypt without a user keyring linked into the session keyring.
2017-09-01 | cmd/fscrypt: Check that keyrings are setup | Joseph Richey
Changing the --user flag to (optionally) check for a proper keyring setup allows us to fail early in cases where we need a working keyring.
2017-09-01 | security: Change user keyring lookup algorithm | Joseph Richey
Now instead of spawning a separate thread we alternate between changing the euid and ruid to both find the keyring and link it to the process keyring. Note that we also ensure that the user keyring is linked into the root keyring whenever possible.
2017-09-01 | security: No more permanent privilege dropping | Joseph Richey
This was creating an issue because fully dropping privileges required spawning a goroutine and using rutime.DropOSThread().
2017-09-01 | pam_fscrypt: PAM module no longer crashes on panic | Joseph Richey
Now the offending panic will just be logged and the module will fail. This is important as to not crash the login process.
2017-08-31 | Merge pull request #52 from google/keyrings | Joseph Richey
Changes to the keyrings interface, corresponding UI changes, and misc changes
2017-08-31 | Merge pull request #54 from google/uuid | Joseph Richey
Use `/dev/disk/by-uuid` to get UUID links to other filesystems
2017-08-31 | filesystem: libblkid -> search /dev/disk/by-uuid | Joe Richey
2017-08-31 | security: Error if privilege reset goes wrong | Joe Richey
2017-08-31 | Fixed linter issues | Joe Richey
2017-08-30 | cmd/fscrypt: Add --user flag for running as root | Joe Richey
The --user flag can now be used to have the target user (the one whose keyring and password will be used in fscrypt) be different than the calling user. Very useful for things like sudo fscrypt purge /media/joerichey/usb --user=joerichey which will now have privileges to drop caches, but will properly clear the keys from the user's keyring.
2017-08-30 | pam_fscrypt: Added logging and use of new pam API | Joe Richey
2017-08-30 | actions: context now holds a target user.User | Joe Richey
This user is used with policies to interface with the keyrings and with protectors to indicate which user's login passphrase should be used to protectors of type pam_passphrase.
2017-08-30 | crypto: Updated to include user parameter | Joe Richey
2017-08-30 | pam: Handle holds data for calling and PAM users | Joe Richey
The functions are now changed to (Start|Stop)AsPamUser to indicate that they handle privilege modification and keyring setup.
2017-08-30 | security: Rewrite of keyrings and permissions | Joe Richey
The keyring lookup functions no longer read from /proc/keys. Now they simply spawn a thread, drop privs, and check with GetKeyringID and KEY_SPEC_USER_KEYRING. See userKeyringID() for more info. The privileges functions have also been changed. Now the concept of setting privileges is separate from the concept of setting up the keyrings.
2017-08-30 | util: Added parsing and effective user functions | Joseph Richey
2017-08-30 | gitignore: Update to include VSCode files | Joseph Richey
2017-08-29 | Go formatter "gofmt" -> "goimports" | Joseph Richey
2017-08-29 | pam_fscrypt: Handle empty arguments list | Joseph Richey
2017-08-29 | cmd/fscrypt: Stop dropping/raising for sudo | Joseph Richey
2017-08-29 | Merge pull request #49 from google/misc | Joseph Richey
Fix a wide variety of small issues and update documentation
2017-08-29 | Merge pull request #48 from google/contrib | Joseph Richey
Update CONTRIBUTING.md to explain how issues will work
2017-08-29 | Merge pull request #47 from google/build_tags | Joseph Richey
Makefile: Build version flag no longer needs repo
2017-08-29 | README: Clarified boot related encryption issues | Joe Richey
2017-08-29 | CONTRIBUTING: typo | Joe Richey
2017-08-29 | crypto: Handle when "ulimit -l" is too low | Joe Richey
2017-08-29 | Fixed typos | Joe Richey
2017-08-29 | Added +build linux,cgo flags | Joe Richey
2017-08-29 | CONTRIBUTING: Make it clear how issues work | Joe Richey
2017-08-29 | Makefile: Build version flag no longer needs repo | Joe Richey
2017-08-28 | Merge pull request #44 from mhalcrow/master | Joseph Richey
Fix typo (once -> one).
2017-08-25 | Fix typo (once -> one). | Michael Halcrow
2017-08-24 | Merge pull request #25 from google/fix (v0.2.0, 0.2.0) | Joseph Richey
fscrypt PAM module
2017-08-24 | Updated documentation for PAM module help | Joseph Richey
2017-08-23 | security: fscrypt now possesses the user keyring | Joseph Richey