encrypt /home

[fbrau]

Full mode does not honor permissions. Lite mode on the other hand works as expected
I haven't tried chattr operations but I assume they aren't honored neither...

For example:

mkdir fullmount/somedir
chmod a-w fullmount/somedir
touch fullmount/somedir/onefile
    THIS SHOULD FAIL BUT IT DOES NOT
touch fullmount/somedir/onefile
chmod a-w fullmount/somedir/onefile
echo hello >> fullmount/somedir/onefile
	THIS SHOULD FAIL BUT IT DOES NOT

Which leads me to the real issue here: Can securefs Lite be used to encrypt /home partition
or /home/USER directory and be sure it wont break programs expecting POSIX-like behavior. In that case it should be mounted with use-ino too..., allow_other maybe..., what are the recommendations, or is it not a good idea?

[netheril96]

Full mode does not honor permissions.

I'll fix it in later releases. For now, you can add -o default_permissions to the mount command to achieve the same effect.

Can securefs Lite be used to encrypt /home partition

I've never tested it, but I guess some programs will be broken. For example, gpg requires Unix domain socket which is probably not working on a securefs mount point.