Ubuntu
fscrypt package

Can 0.2.6 or later get back-ported into focal fossa?

Asked by Bernie Bernstein

Since Focal Fossa is on kernel 5.4, it would be great if a version of fscrypt could be made available which supports v2 encryption policies. With the current encryption policy support, there are known limitations with the kernel keyring when utilizing namespaces. This has caused problems as highlighted here: https://github.com/google/fscrypt/issues/128 where certain processes are unable to access encrypted files with the error message "Required key not available".

With encryption policy v2, this should be resolved, however in order to take advantage of this new support in the 5.4 kernel, a version of fscrypt is required which supports the new encryption policy format.

Currently Focal Fossa still has 0.2.5 as the latest version available, which is the last version which does not support the new policy format. Version 0.2.6 supports it, but requires it to be enabled in a config file. Version 0.2.7 or later enables it by default if the current kernel supports it.

It would be great if the new security policy version could be used in Focal Fossa as this issue has been a significant issue when dealing with fs level encryption.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu fscrypt Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

There is a higher version available for focal in a PPA (https://launchpad.net/~nafallo/+archive/ubuntu/magicalforest), and there is a new version for Ubuntu groovy.
You can try using one of them, see https://launchpad.net/ubuntu/+source/fscrypt

And of course you can create a bug report, requesting an upgrade or backport for focal.

Can you help with this problem?

Provide an answer of your own, or ask Bernie Bernstein for more information if necessary.

To post a message you must log in.