by cpach 794 days ago
I assume that in this scenario we don’t want to change the behaviour (program code, source code) of the application itself.

Why is it important that the syscalls (write et al.) encrypt? (Even if they do so only under the hood.) Is it not sufficient that the application writes to a place that is encrypted?

It’s probably not impossible to modify the syscalls, but I think it would be vastly easier to let the outside system handle the encryption.

“I was only able to find FUSE filesystems that can transparently encrypt files on top of a file system”

I believe the reason that you mostly found such solutions is that they are much more “cost-effective” than implementing a system that operates on the syscall level.

If you need to ensure that the application writes only to the specific mountpoint you can probably use some kind of “jail” to achieve that. Here’s a decent starting point on that: https://blog.mnus.de/2020/05/sandboxing-soldatserver-with-bu... (assuming that the application runs on Linux)