On Mon, Aug 05, 2019 at 09:25:16AM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Add a root-only variant of the FS_IOC_REMOVE_ENCRYPTION_KEY ioctl which > removes all users' claims of the key, not just the current user's claim. > I.e., it always removes the key itself, no matter how many users have > added it. > > This is useful for forcing a directory to be locked, without having to > figure out which user ID(s) the key was added under. This is planned to > be used by a command like 'sudo fscrypt lock DIR --all-users' in the > fscrypt userspace tool (http://github.com/google/fscrypt). > > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> Looks good, thanks. Feel free to add: Reviewed-by: Theodore Ts'o <tytso@xxxxxxx>
