Dustin - Can you give some more details on what you're looking for?
I just took a look at a f10 and RHEL 5.3 system and did a quick eCryptfs mount to see how files were labeled. To my surprise, they were handled differently.
I did an eCryptfs mount with ecryptfs_passthrough enabled. I created a file in the lower filesystem (plain.file), meaning it is a regular non-eCryptfs file, and then created a file in the upper filesystem (ecryptfs.file), so it got the full eCryptfs treatment. Here's the results:
Mount details:
---
/root/lower on /root/upper type ecryptfs (rw,ecryptfs_sig=7fa06f4b66fcde02,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough)
---
Both have their advantages, but the f10 approach is probably broken (this is a policy issue). The f10 way of doing this could be used to deny your backup application access to files of type ecryptfs_t, but giving all files in an eCryptfs mount ecryptfs_t isn't right. In RHEL 5.3, the labels in the lower filesystem are preserved, making existing policy work as expected, but there's no way to differentiate the encrypted and decrypted files by using the labels.
What changes would you like to see?
When thinking about your encrypted $HOME/Private implementation, you have all of the encrypted files tucked away under the upper mount point. Would it be helpful to have policy rules saying that rsync_t should read the encrypted versions of the files? It seems like that would be difficult without giving the files in the eCryptfs mount a different label (such as what's being done in f10).
Dustin - Can you give some more details on what you're looking for?
I just took a look at a f10 and RHEL 5.3 system and did a quick eCryptfs mount to see how files were labeled. To my surprise, they were handled differently.
I did an eCryptfs mount with ecryptfs_ passthrough enabled. I created a file in the lower filesystem (plain.file), meaning it is a regular non-eCryptfs file, and then created a file in the upper filesystem (ecryptfs.file), so it got the full eCryptfs treatment. Here's the results:
Mount details: sig=7fa06f4b66f cde02,ecryptfs_ cipher= aes,ecryptfs_ key_bytes= 16,ecryptfs_ passthrough)
---
/root/lower on /root/upper type ecryptfs (rw,ecryptfs_
---
RHEL 5.3: r:user_ home_t ecryptfs.file r:user_ home_t plain.file
---
[root@idea ~]# ls -Z lower/ upper/
lower/:
-rw-r--r-- root root root:object_
-rw-r--r-- root root root:object_
upper/: r:user_ home_t ecryptfs.file r:user_ home_t plain.file
-rw-r--r-- root root root:object_
-rw-r--r-- root root root:object_
---
f10: u:object_ r:admin_ home_t: s0 ecryptfs.file u:object_ r:admin_ home_t: s0 plain.file
---
[root@bracer4 ~]# ls -Z lower/ upper/
lower/:
-rw-r--r-- root root unconfined_
-rw-r--r-- root root unconfined_
upper/: u:object_ r:ecryptfs_ t:s0 ecryptfs.file u:object_ r:ecryptfs_ t:s0 plain.file
-rw-r--r-- root root system_
-rw-r--r-- root root system_
---
Both have their advantages, but the f10 approach is probably broken (this is a policy issue). The f10 way of doing this could be used to deny your backup application access to files of type ecryptfs_t, but giving all files in an eCryptfs mount ecryptfs_t isn't right. In RHEL 5.3, the labels in the lower filesystem are preserved, making existing policy work as expected, but there's no way to differentiate the encrypted and decrypted files by using the labels.
What changes would you like to see?
When thinking about your encrypted $HOME/Private implementation, you have all of the encrypted files tucked away under the upper mount point. Would it be helpful to have policy rules saying that rsync_t should read the encrypted versions of the files? It seems like that would be difficult without giving the files in the eCryptfs mount a different label (such as what's being done in f10).