| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-04-08 | Switch to google.golang.org/protobuf/proto | Eric Biggers | |
| github.com/golang/protobuf/proto has been deprecated in favor of google.golang.org/protobuf/proto, so migrate to the non-deprecated one. | |||
| 2022-02-23 | filesystem: create metadata files with mode 0600 | Eric Biggers | |
| Currently, fscrypt policies and protectors are world readable, as they are created with mode 0644. While this can be nice for use cases where users share these files, those use cases seem to be quite rare, and it's not a great default security-wise since it exposes password hashes to all users. While fscrypt uses a very strong password hash algorithm, it would still be best to follow the lead of /etc/shadow and keep this information non-world-readable. Therefore, start creating these files with mode 0600. Of course, if users do actually want to share these files, they have the option of simply chmod'ing them to a less restrictive mode. An option could also be added to make fscrypt use the old mode 0644; however, the need for that is currently unclear. | |||
| 2020-05-09 | cmd/fscrypt: improve errors | Eric Biggers | |
| In checkEncryptable(), check whether the directory is already encrypted before checking whether it's empty. Also improve the error message for when a directory is nonempty. Finally, translate keyring.ErrKeyAddedByOtherUsers and keyring.ErrKeyFilesOpen into errors which include the directory. | |||
| 2020-05-09 | cli-tests: add t_lock | Eric Biggers | |
| Test locking a directory. | |||
 |
index : fscrypt.git | |
| Go tool for managing Linux filesystem encryption |
| aboutsummaryrefslogtreecommitdiff |