diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 14:17:17 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-05-09 15:16:13 -0700 |
| commit | de51add609bc74b7247ec4776bd694abbea24a45 (patch) | |
| tree | b5f304a4ecc101a5410bb2274d129dbc7dad6441 /cli-tests/t_v1_policy.sh | |
| parent | fb99b37a05696db4ceabb793e5f16727ec854ed1 (diff) | |
Try to detect incomplete locking of v1-encrypted directory
'fscrypt lock' on a v1-encrypted directory doesn't warn about in-use
files, as the kernel doesn't provide a way to easily detect it.
Instead, implement a heuristic where we check whether a subdirectory can
be created. If yes, then the directory must not be fully locked.
Make both 'fscrypt lock' and 'fscrypt status' use this heuristic.
Resolves https://github.com/google/fscrypt/issues/215
Diffstat (limited to 'cli-tests/t_v1_policy.sh')
| -rwxr-xr-x | cli-tests/t_v1_policy.sh | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/cli-tests/t_v1_policy.sh b/cli-tests/t_v1_policy.sh index 1ebfae5..e9f3acf 100755 --- a/cli-tests/t_v1_policy.sh +++ b/cli-tests/t_v1_policy.sh @@ -54,3 +54,18 @@ _print_header "Lock v1-encrypted directory" fscrypt lock "$dir" --user="$TEST_USER" _user_do "fscrypt status '$dir'" _expect_failure "cat '$dir/file'" + +# 'fscrypt lock' and 'fscrypt status' implement a heuristic that should detect +# the "files busy" case with v1. +_print_header "Testing incompletely locking v1-encrypted directory" +_user_do "echo hunter2 | fscrypt unlock '$dir'" +exec 3<"$dir/file" +_expect_failure "fscrypt lock '$dir' --user='$TEST_USER'" +_user_do "fscrypt status '$dir'" +# ... except in this case, because we can't detect it without a directory path. +_user_do "fscrypt status '$MNT'" +exec 3<&- +_print_header "Finishing locking v1-encrypted directory" +fscrypt lock "$dir" --user="$TEST_USER" +_user_do "fscrypt status '$dir'" +_expect_failure "cat '$dir/file'" |