From 634f57465048c698381513cdc2ee205d4f04e538 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Mon, 25 Jan 2021 11:12:01 -0800
Subject: Avoid using the word "whitelist"
---
 README.md | 11 ++++++-----
 metadata/policy.go | 2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 23aa542..73153ed 100644
--- a/README.md
+++ b/README.md
@@ -430,11 +430,12 @@ information to the syslog.
 This step is only needed if you installed `fscrypt` from source code.
 
 Some Linux distros use restrictive settings in `/etc/pam.d/other` that prevent
-non-whitelisted programs from checking your login passphrase. This prevents
-`fscrypt` from creating any login passphrase-protected directories, even without
-auto-unlocking. To ensure that `fscrypt` will work properly (if you didn't
-install an official `fscrypt` package from your distro, which should have
-already handled this), also create a file `/etc/pam.d/fscrypt` containing:
+programs from checking your login passphrase unless a per-program PAM
+configuration file grants access. This prevents `fscrypt` from creating any
+login passphrase-protected directories, even without auto-unlocking. To ensure
+that `fscrypt` will work properly (if you didn't install an official `fscrypt`
+package from your distro, which should have already handled this), also create a
+file `/etc/pam.d/fscrypt` containing:
 ```
 auth required pam_unix.so
 ```
diff --git a/metadata/policy.go b/metadata/policy.go
index 76c2e6f..e218a08 100644
--- a/metadata/policy.go
+++ b/metadata/policy.go
@@ -205,7 +205,7 @@ func shouldUseDirectKeyFlag(options *EncryptionOptions) bool {
 if options.Contents != options.Filenames {
 return false
 }
- // Whitelist the modes that take a 24+ byte IV (enough room for the per-file nonce)
+ // Currently only Adiantum supports DIRECT_KEY.
 return options.Contents == EncryptionOptions_Adiantum
 }
 
-- 
cgit v1.2.3
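Review bot: The new comment above the final `return` in shouldUseDirectKeyFlag names the one permitted mode but no longer says why it is permitted. The line it replaces recorded the constraint, that DIRECT_KEY needs a mode taking a 24+ byte IV so the per-file nonce fits, and that is the condition a maintainer has to verify before extending this check to another mode. I would keep the reason alongside the new wording, for example `// Currently only Adiantum supports DIRECT_KEY, which needs a 24+ byte IV to hold the per-file nonce.` The function begins outside the hunk, so this is judged from the visible tail of the body only.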