# Encrypt directory
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# Lock directory
"MNT/dir" is now locked.

# => filenames should be in encrypted form
cat: MNT/dir/file: No such file or directory

# => shouldn't be able to create a subdirectory
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available

# Unlock directory
Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Yes

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
contents

# Try to lock directory while files busy
[ERROR] fscrypt lock: Directory was incompletely locked because some files are
                      still open. These files remain accessible.

Try killing any processes using files in the directory, for example using:

     find "MNT/dir" -print0 | xargs -0 fuser -k

Then re-run:

     fscrypt lock "MNT/dir"

# => status should be incompletely locked
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: Partially (incompletely locked)

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"

# => open file should still be readable
contents

# => shouldn't be able to create a new file
bash: MNT/dir/file2: Required key not available

# Finish locking directory
"MNT/dir" is now locked.
"MNT/dir" is encrypted with fscrypt.

Policy:   desc1
Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
Unlocked: No

Protected with 1 protector:
PROTECTOR         LINKED  DESCRIPTION
desc2  No      custom protector "prot"
cat: MNT/dir/file: No such file or directory
mkdir: cannot create directory 'MNT/dir/subdir': Required key not available

# Try to lock directory while other user has unlocked
[ERROR] fscrypt lock: Directory "MNT/dir" couldn't be fully
                      locked because other user(s) have unlocked it.

If you want to force the directory to be locked, use:

     sudo fscrypt lock --all-users "MNT/dir"
contents
"MNT/dir" is now locked.
cat: MNT/dir/file: No such file or directory