From 75cf58070a87aecfdad295ee50d048603d1916ed Mon Sep 17 00:00:00 2001
From: Marcel Lauhoff <marcel.lauhoff@suse.com>
Date: Fri, 12 Aug 2022 14:45:29 +0200
Subject: fsync set policy ioctls

Split policyIoctl into setPolicyIoctl and getPolicyIoctl. Add a
os.Sync() call to setPolicyIoctl.

Policy ioctls are not necessary durable on return. For example, on
ext4 (ref: fs/ext4/crypto.c: ext4_set_context) they are not. This may
lead to a filesystem containing fscrypt metadata (in .fscrypt), but
without the policy applied on an encrypted directory.

Example:
Snapshotting a mounted ext4 filesystem on Ceph RBD right after
setting the policy. While subject to timing, with high probability the
snapshot will not have the policy set. Calling fsync fixes this.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
---
 metadata/policy_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'metadata/policy_test.go')

diff --git a/metadata/policy_test.go b/metadata/policy_test.go
index 7fe2841..7856ed3 100644
--- a/metadata/policy_test.go
+++ b/metadata/policy_test.go
@@ -186,7 +186,7 @@ func requireV2PolicySupport(t *testing.T, directory string) {
 	}
 	defer file.Close()
 
-	err = policyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, nil)
+	err = getPolicyIoctl(file, unix.FS_IOC_GET_ENCRYPTION_POLICY_EX, nil)
 	if err == ErrEncryptionNotSupported {
 		t.Skip("No support for v2 encryption policies, skipping test")
 	}
-- 
cgit v1.2.3