diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-12-15 19:31:39 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-01-05 10:02:13 -0800 |
| commit | 9003a0331a112e8901fae8279f4897a825ee8069 (patch) | |
| tree | 37f6341d853346489f69ebd8b671b8133e69dfd5 /README.md | |
| parent | 6ffc9457945a9484d2757cc4b01de35426502d0a (diff) | |
cmd/fscrypt: add 'fscrypt lock' command
Add support for 'fscrypt lock'. This command "locks" a directory,
undoing 'fscrypt unlock'.
When the filesystem keyring is used, 'fscrypt lock' also detects when a
directory wasn't fully locked due to some files still being in-use. It
can then be run again later to try to finish locking the files.
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 15 |
1 files changed, 7 insertions, 8 deletions
@@ -91,7 +91,8 @@ Concretely, fscrypt contains the following functionality: * `fscrypt setup MOUNTPOINT` - Gets a filesystem ready for use with fscrypt * `fscrypt encrypt DIRECTORY` - Encrypts an empty directory * `fscrypt unlock DIRECTORY` - Unlocks an encrypted directory -* `fscrypt purge MOUNTPOINT` - Removes keys for a filesystem before unmounting +* `fscrypt lock DIRECTORY` - Locks an encrypted directory +* `fscrypt purge MOUNTPOINT` - Locks all encrypted directories on a filesystem * `fscrypt status [PATH]` - Gets detailed info about filesystems or paths * `fscrypt metadata` - Manages policies or protectors directly @@ -367,12 +368,10 @@ Protected with 1 protector: PROTECTOR LINKED DESCRIPTION 7626382168311a9d No custom protector "Super Secret" -# Purging a filesystem locks all the files. ->>>>> sudo fscrypt purge /mnt/disk --user=$USER -WARNING: Encrypted data on this filesystem will be inaccessible until unlocked again!! -Purge all policy keys from "/mnt/disk" and drop global inode cache? [y/N] y -Policies purged for "/mnt/disk". - +# Lock the directory. +>>>>> sudo fscrypt lock /mnt/disk/dir1 --user=$USER +Encrypted data removed from filesystem cache. +"/mnt/disk/dir1" is now locked. >>>>> fscrypt status /mnt/disk/dir1 "/mnt/disk/dir1" is encrypted with fscrypt. @@ -410,7 +409,7 @@ Hello World #### Quiet Version ```bash ->>>>> sudo fscrypt purge /mnt/disk --user=$USER --quiet --force +>>>>> sudo fscrypt lock /mnt/disk/dir1 --quiet --user=$USER >>>>> echo "hunter2" | fscrypt unlock /mnt/disk/dir1 --quiet ``` |