authorJoe Richey joerichey@google.com <joerichey@google.com>2017-10-02 16:49:16 -0700
committerJoe Richey joerichey@google.com <joerichey@google.com>2017-10-02 16:49:16 -0700
commitc6568945adb69a3b7779c0f9e0e1f427d31209ab (patch)
tree38a3d5d4f65988238c4affb22011f90beab9ad40 /cmd
parentd6efd2ab463e82cc3a78860384f26d809bd76ce5 (diff)
security: Sync filesystem before dropping caches
Diffstat (limited to 'cmd')
-rw-r--r--cmd/fscrypt/commands.go15
-rw-r--r--cmd/fscrypt/flags.go6
2 files changed, 11 insertions, 10 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index bd4827b..2f23a0f 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -321,15 +321,16 @@ var Purge = cli.Command{
there are four important things to note about this command:
(1) When run with the default options, this command also clears
- the dentry and inode cache, so that the encrypted files and
- directories will no longer be visible. However, this requires
- root privileges.
+ the reclaimable dentries and inodes, so that the encrypted files
+ and directories will no longer be visible. However, this
+ requires root privileges. Note that any open file descriptors to
+ plaintext data will not be affected by this command.
(2) When run with %[2]s=false, the keyring is cleared and root
permissions are not required, but recently accessed encrypted
directories and files will remain cached for some time. Because
- of this, after purging a filesystem's keys, it is recommended to
- unmount the filesystem.
+ of this, after purging a filesystem's keys in this manner, it
+ is recommended to unmount the filesystem.
(3) When run as root, this command removes the policy keys for
all users. However, this will only work if the PAM module has
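Review bot: The sentence added at L29-L30 states that open file descriptors to plaintext data are unaffected but leaves the practical consequence implicit, which is the part a user purging keys cares about. Suggest extending it to `Note that any open file descriptors to plaintext data will not be affected by this command, and processes holding them can continue to access that plaintext until they close them.` (assuming that is the kernel behaviour being described). Since item (1) now says only the "reclaimable" dentries and inodes are dropped, tying the two statements together — in-use entries are exactly what is not reclaimed — would make the limitation clearer. The enclosing usage string continues outside this hunk.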
@@ -382,10 +383,10 @@ func purgeAction(c *cli.Context) error {
fmt.Fprintf(c.App.Writer, "Policies purged for %q.\n", ctx.Mount.Path)
if dropCachesFlag.Value {
- if err = security.DropInodeCache(); err != nil {
+ if err = security.DropFilesystemCache(); err != nil {
return newExitError(c, err)
}
- fmt.Fprintf(c.App.Writer, "Global inode cache cleared.\n")
+ fmt.Fprintf(c.App.Writer, "Encrypted data removed filesystem cache.\n")
} else {
fmt.Fprintf(c.App.Writer, "Filesystem %q should now be unmounted.\n", ctx.Mount.Path)
}
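Review bot: The success message on the new line at L48, `"Encrypted data removed filesystem cache.\n"`, is missing a word and should read `"Encrypted data removed from filesystem cache.\n"`. A second point on the same hunk: when `security.DropFilesystemCache()` fails at L44, the policies have already been purged (the message at L41 was printed), yet the user only sees the error and not the unmount advice the else branch gives; printing `"Filesystem %q should now be unmounted.\n"` before returning the exit error would leave them with a way to make the purge take effect. purgeAction begins before this hunk.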
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go
index bb8de3d..5137eff 100644
--- a/cmd/fscrypt/flags.go
+++ b/cmd/fscrypt/flags.go
@@ -164,9 +164,9 @@ var (
dropCachesFlag = &boolFlag{
Name: "drop-caches",
Usage: `After purging the keys from the keyring, drop the
- inode and dentry cache for the purge to take effect.
- Without this flag, cached encrypted files may still have
- their plaintext visible. Requires root privileges.`,
+ associated caches for the purge to take effect. Without
+ this flag, cached encrypted files may still have their
+ plaintext visible. Requires root privileges.`,
Default: true,
}
)
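Review bot: The usage text at L63-L65, `Without this flag, cached encrypted files may still have their plaintext visible.`, contradicts `Default: true` on L66: omitting the flag still drops the caches, and only an explicit false value (presumably `--drop-caches=false`) skips it. Suggest `With this flag set to false, cached encrypted files may still have their plaintext visible.` It would also help to state that non-root users must disable the flag, since the default behaviour requires root privileges per the last sentence. The enclosing var block starts before this hunk.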