On Tue, Sep 18, 2007 at 02:47:37PM +0200, Andreas Baetz wrote:
> On Saturday 15 September 2007, Benedikt Boehm <hollow@gentoo.org> wrote:
> > On Fri, 14 Sep 2007 14:50:51 +0200
> > Andreas Baetz <lac01@web.de> wrote:
> >
> > > I tried to enable ecryptfs in 2.6.22.6 and found that
> > > it is disabled in the config because "access key retention support"
> > > is diabled because of patch-2.6.22.6-vs2.2.0.3.diff:
> > >
> > > config KEYS
> > > bool "Enable access key retention support"
> > > + depends on !VSERVER_SECURITY
> > > help
> > >
> > > Can somebody explain ?
> >
> > <Hollow> Bertl_zZ, daniel_hozac: i just got a mail why CONFIG_KEYS
> > can't be used together with VSERVER_SECURITY (needed for ecryptfs), but
> > i have no idea :)
> > <daniel_hozac> Hollow: it's not isolated.
> > <daniel_hozac> Hollow: and you most definitely don't want different
> > guests having access to the same keys...
> >
> > >
> > > Also, what exactly does VSERVER_SECURITY mean and why is it not
> > > possible to deselect it in the kernel config (make xconfig) - At
> > > least I didn't find the option ?
>
> Is there a way to enable both vserver and ecryptfs ?
the key problem will be gone shortly in the devel branch
for 2.6.23 and later by utilizing the user namespaces
to separate keychains ...
until then I would suggest to make use of other (probably
more performant, but less feature rich :) crypto setups
like dm ...
HTC,
Herbert
> Andreas
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
> **********************************************************************
Received on Wed Sep 19 02:50:09 2007