google / fscrypt

Go tool for managing Linux filesystem encryption
Apache License 2.0

fsync set policy ioctls #359

Closed irq0 closed 2 years ago

irq0 commented 2 years ago

Split policyIoctl into setPolicyIoctl and getPolicyIoctl. Add an os.Sync() call to setPolicyIoctl.

Policy ioctls are not necessarily durable on return. For example, on ext4 (ref: fs/ext4/crypto.c: ext4_set_context) they are not. This may lead to a filesystem containing fscrypt metadata (in .fscrypt), but without the policy applied on an encrypted directory.

Example: Snapshotting a mounted ext4 filesystem on Ceph RBD right after setting the policy. While subject to timing, with high probability the snapshot will not have the policy set. Calling fsync fixes this.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
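The set-then-fsync ordering this description calls for, as an added example using only the Go standard library (it is not fscrypt's code and not the patch from this pull request). The names `policyV1`, `setPolicy` and `applyDurably`, the sample policy values and the key descriptor are assumptions made for illustration; the ioctl number and the 12-byte struct are the kernel's v1 policy interface.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
	"unsafe"
)

// FS_IOC_SET_ENCRYPTION_POLICY = _IOR('f', 19, struct fscrypt_policy_v1)
const fsIocSetEncryptionPolicy = 0x800c6613

// policyV1 mirrors the kernel's 12-byte struct fscrypt_policy_v1.
type policyV1 struct {
	Version, ContentsMode, FilenamesMode, Flags uint8
	Descriptor                                  [8]byte
}

var _ [12]byte = [unsafe.Sizeof(policyV1{})]byte{} // compile-time size check

// setPolicy issues the set-policy ioctl on an already opened directory.
func setPolicy(dir *os.File, p *policyV1) error {
	_, _, errno := syscall.Syscall(syscall.SYS_IOCTL, dir.Fd(), fsIocSetEncryptionPolicy, uintptr(unsafe.Pointer(p)))
	if errno != 0 {
		return errno
	}
	return nil
}

// applyDurably runs apply on the directory, then fsyncs that directory so the
// policy is on stable storage before the caller continues (e.g. to snapshot).
func applyDurably(path string, apply func(*os.File) error) error {
	dir, err := os.Open(path)
	if err != nil {
		return err
	}
	defer dir.Close()
	if err := apply(dir); err != nil {
		return fmt.Errorf("set policy on %s: %w", path, err)
	}
	return dir.Sync() // fsync(2) on the directory fd that received the ioctl
}

func main() {
	if len(os.Args) != 2 {
		panic("usage: prog <empty dir on an encryption-enabled filesystem>")
	}
	// Constructed sample: v1, AES-256-XTS/AES-256-CTS, 32-byte padding, placeholder descriptor.
	p := &policyV1{0, 1, 4, 3, [8]byte{'E', 'X', 'A', 'M', 'P', 'L', 'E', '0'}}
	err := applyDurably(os.Args[1], func(d *os.File) error { return setPolicy(d, p) })
	fmt.Println("set policy + fsync:", err)
}
```

The fsync is issued on the same directory file descriptor the ioctl used, and a failure from it is returned to the caller rather than ignored, so a caller never reports the policy as applied when it may not have reached disk.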

google-cla[bot] commented 2 years ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

ebiggers commented 2 years ago

The failure in "Run command-line interface tests" is unrelated and will be fixed by https://github.com/google/fscrypt/pull/362.

So it looks like you just need to sign the CLA. (Or make sure that you've done everything for the CLA to be recognized, if your company already has it on file.)

irq0 commented 2 years ago

> So it looks like you just need to sign the CLA. (Or make sure that you've done everything for the CLA to be recognized, if your company already has it on file.)

There is already a company CLA, I'm waiting to get added.

irq0 commented 2 years ago

CLA is now signed

ebiggers commented 2 years ago

Merged, thanks!