diff options
Diffstat (limited to 'cli-tests')
| -rw-r--r-- | cli-tests/t_encrypt.out | 21 | ||||
| -rw-r--r-- | cli-tests/t_lock.out | 22 | ||||
| -rw-r--r-- | cli-tests/t_setup.out | 2 | ||||
| -rw-r--r-- | cli-tests/t_v1_policy.out | 13 |
4 files changed, 40 insertions, 18 deletions
diff --git a/cli-tests/t_encrypt.out b/cli-tests/t_encrypt.out index e3bace0..26cb451 100644 --- a/cli-tests/t_encrypt.out +++ b/cli-tests/t_encrypt.out @@ -7,11 +7,22 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies encrypted # Try to encrypt a nonempty directory -[ERROR] fscrypt encrypt: MNT/dir: not an empty directory - -Encryption can only be setup on empty directories; files cannot be encrypted -in-place. Instead, encrypt an empty directory, copy the files into that -encrypted directory, and securely delete the originals with "shred". +[ERROR] fscrypt encrypt: Directory "MNT/dir" cannot be + encrypted because it is non-empty. + +Files cannot be encrypted in-place. Instead, encrypt a new directory, copy the +files into it, and securely delete the original directory. For example: + + mkdir MNT/dir.new + fscrypt encrypt MNT/dir.new + cp -a -T MNT/dir MNT/dir.new + find MNT/dir -type f -print0 | xargs -0 shred -n1 --remove=unlink + rm -rf MNT/dir + mv MNT/dir.new MNT/dir + +Caution: due to the nature of modern storage devices and filesystems, the +original data may still be recoverable from disk. It's much better to encrypt +your files from the start. ext4 filesystem "MNT" has 0 protectors and 0 policies [ERROR] fscrypt status: file or directory "MNT/dir" is not diff --git a/cli-tests/t_lock.out b/cli-tests/t_lock.out index c0f9279..b8c8dcb 100644 --- a/cli-tests/t_lock.out +++ b/cli-tests/t_lock.out @@ -33,11 +33,16 @@ desc2 No custom protector "prot" contents # Try to lock directory while files busy -[ERROR] fscrypt lock: some files using the key are still open +[ERROR] fscrypt lock: Directory was incompletely locked because some files are + still open. These files remain accessible. -Directory was incompletely locked because some files are still open. These files -remain accessible. Try killing any processes using files in the directory, then -re-running 'fscrypt lock'. +Try killing any processes using files in the directory, for example using: + + find "MNT/dir" -print0 | xargs -0 fuser -k + +Then re-run: + + fscrypt lock "MNT/dir" # => status should be incompletely locked "MNT/dir" is encrypted with fscrypt. @@ -72,11 +77,12 @@ mkdir: cannot create directory 'MNT/dir/subdir': Required key not available # Try to lock directory while other user has unlocked Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use. -[ERROR] fscrypt lock: other users have added the key too +[ERROR] fscrypt lock: Directory "MNT/dir" couldn't be fully + locked because other user(s) have unlocked it. + +If you want to force the directory to be locked, use: -Directory couldn't be fully locked because other user(s) have unlocked it. If -you want to force the directory to be locked, use 'sudo fscrypt lock --all-users -DIR'. + sudo fscrypt lock --all-users "MNT/dir" contents "MNT/dir" is now locked. cat: MNT/dir/file: No such file or directory diff --git a/cli-tests/t_setup.out b/cli-tests/t_setup.out index ef0d133..943a781 100644 --- a/cli-tests/t_setup.out +++ b/cli-tests/t_setup.out @@ -26,7 +26,7 @@ Skipping creating MNT_ROOT/.fscrypt because it already exists. # fscrypt setup --quiet when fscrypt.conf already exists [ERROR] fscrypt setup: operation would be destructive -Use --force to automatically run destructive operations. +If desired, use --force to automatically run destructive operations. # fscrypt setup --quiet --force when fscrypt.conf already exists diff --git a/cli-tests/t_v1_policy.out b/cli-tests/t_v1_policy.out index e693bf5..b47bcca 100644 --- a/cli-tests/t_v1_policy.out +++ b/cli-tests/t_v1_policy.out @@ -101,11 +101,16 @@ cat: MNT/dir/file: No such file or directory # Testing incompletely locking v1-encrypted directory Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use. Encrypted data removed from filesystem cache. -[ERROR] fscrypt lock: some files using the key are still open +[ERROR] fscrypt lock: Directory was incompletely locked because some files are + still open. These files remain accessible. -Directory was incompletely locked because some files are still open. These files -remain accessible. Try killing any processes using files in the directory, then -re-running 'fscrypt lock'. +Try killing any processes using files in the directory, for example using: + + find "MNT/dir" -print0 | xargs -0 fuser -k + +Then re-run: + + fscrypt lock "MNT/dir" "MNT/dir" is encrypted with fscrypt. Policy: desc1 |