fsync set policy ioctls

Split policyIoctl into setPolicyIoctl and getPolicyIoctl. Add a os.Sync() call to setPolicyIoctl. Policy ioctls are not necessary durable on return. For example, on ext4 (ref: fs/ext4/crypto.c: ext4_set_context) they are not. This may lead to a filesystem containing fscrypt metadata (in .fscrypt), but without the policy applied on an encrypted directory. Example: Snapshotting a mounted ext4 filesystem on Ceph RBD right after setting the policy. While subject to timing, with high probability the snapshot will not have the policy set. Calling fsync fixes this. Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
author: Marcel Lauhoff <marcel.lauhoff@suse.com> 2022-08-12 14:45:29 +0200
committer: Eric Biggers <ebiggers3@gmail.com> 2022-08-23 09:35:43 -0700
commit: 75cf58070a87aecfdad295ee50d048603d1916ed (patch)
tree: 8a5a21f76b18938075a0d35b73e25b2f00a7b502 /metadata/policy_test.go
parent: a1ddf6e09af39320fee969f52d36ae0f2ca94d83 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/metadata/policy_test.go b/metadata/policy_test.go
index 7fe2841..7856ed3 100644
--- a/metadata/policy_test.go
+++ b/metadata/policy_test.go
@@ -186,7 +186,7 @@ func requireV2PolicySupport(t *testing.T, directory string) {
 	}
 	defer file.Close()
 
-	err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, nil)
+	err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, nil)
 	if err == ErrEncryptionNotSupported {
 		t.Skip("No support for v2 encryption policies, skipping test")
 	}
author	Marcel Lauhoff <marcel.lauhoff@suse.com>	2022-08-12 14:45:29 +0200
committer	Eric Biggers <ebiggers3@gmail.com>	2022-08-23 09:35:43 -0700
commit	75cf58070a87aecfdad295ee50d048603d1916ed (patch)
tree	8a5a21f76b18938075a0d35b73e25b2f00a7b502 /metadata/policy_test.go
parent	a1ddf6e09af39320fee969f52d36ae0f2ca94d83 (diff)