cmd/fscrypt: add 'fscrypt lock' command

Add support for 'fscrypt lock'. This command "locks" a directory, undoing 'fscrypt unlock'. When the filesystem keyring is used, 'fscrypt lock' also detects when a directory wasn't fully locked due to some files still being in-use. It can then be run again later to try to finish locking the files.
author: Eric Biggers <ebiggers@google.com> 2019-12-15 19:31:39 -0800
committer: Eric Biggers <ebiggers@google.com> 2020-01-05 10:02:13 -0800
commit: 9003a0331a112e8901fae8279f4897a825ee8069 (patch)
tree: 37f6341d853346489f69ebd8b671b8133e69dfd5 /actions/policy.go
parent: 6ffc9457945a9484d2757cc4b01de35426502d0a (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/actions/policy.go b/actions/policy.go
index 6ef83ce..2d8c521 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -406,6 +406,12 @@ func (policy *Policy) Deprovision() error {
 		policy.Context.getKeyringOptions())
 }
 
+// NeedsUserKeyring returns true if Provision and Deprovision for this policy
+// will use a user keyring, not a filesystem keyring.
+func (policy *Policy) NeedsUserKeyring() bool {
+	return !policy.Context.Config.GetUseFsKeyringForV1Policies()
+}
+
 // commitData writes the Policy's current data to the filesystem.
 func (policy *Policy) commitData() error {
 	return policy.Context.Mount.AddPolicy(policy.data)
author	Eric Biggers <ebiggers@google.com>	2019-12-15 19:31:39 -0800
committer	Eric Biggers <ebiggers@google.com>	2020-01-05 10:02:13 -0800
commit	9003a0331a112e8901fae8279f4897a825ee8069 (patch)
tree	37f6341d853346489f69ebd8b671b8133e69dfd5 /actions/policy.go
parent	6ffc9457945a9484d2757cc4b01de35426502d0a (diff)