cmd/fscrypt: purge command now clears cache

author: Joe Richey joerichey@google.com <joerichey@google.com> 2017-08-15 18:11:29 -0700
committer: Joe Richey joerichey@google.com <joerichey@google.com> 2017-08-17 22:49:44 -0700
commit: 151e8965fa3a9c8f65e316430f9df0fa763fb02d (patch)
tree: 5be6cb1e1d617e60ba7624abc3c940c65715ba5e /util/util.go
parent: b4d51e0f4d34dbfd78e23662f3dfd90e86ae5e48 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/util/util.go b/util/util.go
index 14d23e2..acdc3fc 100644
--- a/util/util.go
+++ b/util/util.go
@@ -25,6 +25,7 @@ package util
 
 import (
 	"bufio"
+	"log"
 	"math"
 	"os"
 	"unsafe"
@@ -97,3 +98,19 @@ func ReadLine() (string, error) {
 	scanner.Scan()
 	return scanner.Text(), scanner.Err()
 }
+
+// DropInodeCache instructs the kernel to clear the global cache of inodes and
+// dentries. This has the effect of making encrypted directories whose keys
+// are not present no longer accessible. Requires root privileges.
+func DropInodeCache() error {
+	log.Print("dropping page caches")
+	// See: https://www.kernel.org/doc/Documentation/sysctl/vm.txt
+	file, err := os.OpenFile("/proc/sys/vm/drop_caches", os.O_WRONLY|os.O_SYNC, 0)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	// "2" just clears the inodes and dentries
+	_, err = file.WriteString("2")
+	return err
+}
author	Joe Richey joerichey@google.com <joerichey@google.com>	2017-08-15 18:11:29 -0700
committer	Joe Richey joerichey@google.com <joerichey@google.com>	2017-08-17 22:49:44 -0700
commit	151e8965fa3a9c8f65e316430f9df0fa763fb02d (patch)
tree	5be6cb1e1d617e60ba7624abc3c940c65715ba5e /util/util.go
parent	b4d51e0f4d34dbfd78e23662f3dfd90e86ae5e48 (diff)