Re: ecryptfs directories as nautilus mounts



On Sun, 2008-12-14 at 22:40 -0500, Mike Rooney wrote:
> Hi All,
> 
> I am working on integrating ecryptfs private directories
> (https://help.ubuntu.com/community/EncryptedPrivateDirectory) into the
> Gnome desktop, and want to make mounting and unmounting (or unlocking
> and locking as we'll perhaps call it) as easy as possible.
> 
> As such something like this mock would be great:
> http://launchpadlibrarian.net/17440012/mockup.png. Andrew Walton
> pointed me towards
> http://library.gnome.org/devel/gio/stable/GMount.html and said it
> should be possible, but what do we need to do on the mount level for
> this to work? Currently the mount shows up as:
> "/home/username/.Private on /home/username/Private type ecryptfs
> (rw,ecryptfs_sig=xxxx,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user=username)", if that is of any help.
> 
> And what needs to happen on the Nautilus front, to get the banner at
> the top either in either case (I assume the custom icons in the
> sidebar aren't easy so that isn't necessary)? When the directory is
> "unmounted" it still exists, just with no contents, except for
> currently a symlink to the binary to mount it, so we want a banner
> like the mockup. When it is mounted then we would a similar one allow
> the user to unmount/lock it.
> 
> Any comments on the idea -- thoughts, criticisms or suggestions for
> integration?

I'm not sure we want to display things in the sidebar for ecryptfs
"mounts". The fact that ecryptfs uses a POSIX mount is an implementation
detail of how ecryptfs works; it's certainly not what we would regard as
a GMount. For the record, a GMount is defined to be a user-visible
mount. Note that we already go through a lot of pain to filter out other
UNIX mounts that are not interesting to show either; e.g. you don't what
stuff like /sys, /proc in your side bar.

I do like the idea of having a Cluebar that is shown in the file manager
[1] when you are in a hierarchy (e.g. ~/Private) that contains encrypted
files. So a few questions / thoughts about that

 o  Implementation-wise (since I happen know little or nothing about
    ecryptfs), how do you suggest that we determine for a given URI
    that we're in such a hierarchy? Can you have multiple separate
    hierarchies with different passphrases (e.g. ~/Private and
    ~/Work/Private)? Or only one? Or does a single ecryptfs mount
    allow any file in / to be encrypted?

 o  How is the mount performed? Are privileges needed?
    (sigh, looks like privileges are needed)

 o  You should be using the keyring to store/retrieve the password;
    (Need to be careful if the keyring itself is in a encrypted file.
     Can you determine if a given file is encrypted?)

 o  It would be nice with a small distro-independent wizard to set
    this kind of thing up.

    David

[1] : and ideally the File Chooser too. See, yet another reason we want
these code bases to be merged (e.g. have Nautilus provide a GTK+
extension so Nautilus code is used in the file chooser) </soapbox>




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]