first - mount.ecryptfs does not work because of the mlock limit; it means only the required parts should be locked, not the whole memory. I was thinking about something like safe_malloc and safe_free as used for example in cryptsetup (iirc)
second - when I removed the suid bit from mount.ecryptfs in Fedora, it seems mount.ecryptfs is quite useless, because only root can use it. Even if a user has all options in /etc/fstab, he does not have enough privileges to use mount.ecryptfs, only to add keys (ecryptfs-add-... or with mount.ecryptfs if other modules than passphrase are needed, get "mount: permission denied" and use mount -i). This seems quite broken to me... if we already have mount.ecryptfs and mount.ecryptfs_private, which can (after a not completely easy re-configuration) mount any owned directory... this design really seems broken. So I suggest: use mount.ecryptfs only for generating options, adding the key to the keyring, ... and mount.ecryptfs_private only for mounting (suid, with an owned-directory check). This will allow using mount.ecryptfs in/instead of the other shell scripts, which iirc were created only because mount.ecryptfs was broken and too scary.
> How do you propose that we solve this problem?
it's a difficult question...
> Do you have any update on this?
not too much...
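As an added illustration of the "lock only the required parts" point above (example code, not from ecryptfs-utils or cryptsetup): a minimal safe_malloc/safe_free pair that mlock()s just the pages holding a secret, plus a demo() that lowers the soft RLIMIT_MEMLOCK to show mlockall() on the whole process being refused while the page-level lock still works. Function names and the 64 KiB figure are assumptions for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* mlock() works on whole pages, and each locked page counts against RLIMIT_MEMLOCK. */
size_t secure_round(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return ((len + page - 1) / page) * page;
}

/* Page-aligned, zeroed buffer locked on its own, instead of mlockall() on the process. */
void *safe_malloc(size_t len)
{
    size_t alloc = secure_round(len);
    void *p = NULL;
    if (posix_memalign(&p, (size_t)sysconf(_SC_PAGESIZE), alloc) != 0) return NULL;
    if (mlock(p, alloc) != 0) { free(p); return NULL; } /* only these pages count */
    memset(p, 0, alloc);
    return p;
}

/* Wipe through a volatile pointer (so the store is not dropped), unlock, release. */
void safe_free(void *p, size_t len)
{
    if (p == NULL) return;
    volatile unsigned char *v = p;
    for (size_t i = 0; i < secure_round(len); i++) v[i] = 0;
    munlock(p, secure_round(len));
    free(p);
}

/* Lower the soft RLIMIT_MEMLOCK to 64 KiB (assumed common default) and compare: returns 1
 * when mlockall() is refused but one locked page works; as root (CAP_IPC_LOCK) both pass. */
int demo(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0 && rl.rlim_max >= 64 * 1024) {
        rl.rlim_cur = 64 * 1024;
        setrlimit(RLIMIT_MEMLOCK, &rl);
    }
    int all = mlockall(MCL_CURRENT);   /* whole address space: usually ENOMEM */
    munlockall();
    char *key = safe_malloc(32);       /* a single page: fits within the limit */
    int ok = key != NULL;
    safe_free(key, 32);
    return all != 0 && ok;
}
```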