Hi Eric, On Wed, Dec 14, 2016 at 05:45:49PM -0600, Eric Sandeen wrote: > On 11/28/16 4:18 PM, Eric Biggers wrote: > > Add set_encpolicy and get_encpolicy commands to xfs_io so that xfstests > > will be able to test filesystem encryption using the actual user API, > > not just hacked in with a mount option. These commands use the common > > "fscrypt" API currently implemented by ext4 and f2fs, but it's also > > under development for ubifs and planned for xfs. > > > > Note that to get encrypted files to actually work, it's also necessary > > to add a key to the kernel keyring. This patch does not add a command > > for this to xfs_io because it's possible to do it using keyctl. keyctl > > can also be used to remove keys, revoke keys, invalidate keys, etc. > > What is the standard utility for doing this? I ask because while > xfs_io does operate on non-xfs filesystems, this may be the first dedicated > command proposed for xfs_io which isn't actually useful on xfs itself. > And that seems a little out of place to me at this point. > > If it's just for the purpose of facilitating fstests, we do have some > single-purpose helpers in src/ in the xfstests repo, as well. > The new xfs_io commands are indeed only intended for xfstests. My original proposal was to add a fscrypt_util program to xfstests, but Dave Chinner said the commands should be added to xfs_io instead and that it's planned to eventually make XFS support the encryption API too. set_policy and get_policy commands are also available in 'e4crypt', which is part of e2fsprogs. There is also a common userspace utility called 'fscrypt' being designed to replace e4crypt. However, neither of these programs are intended to simply expose the raw ioctls. Therefore, not everything I am testing in the new xfstests could be tested with them. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-xfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
