Lock a domain
```c
#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>

int fs_crypto_domain_lock( const char *path,
                           int domain,
                           int *preply );
```
The fs_crypto_domain_lock() function locks a domain, which prevents access to the original contents of any file belonging to the specified domain, and clears the domain key from memory. When this action is complete, the state of the domain is equivalent to the usual locked state.
Because the domain key is cleared, any further I/O operations fail with EACCES. The function does not clear the individual file encryption keys (FEKs); file access is still not permitted, because updating the file metadata requires access to the domain key.
To make sure that filesystem metadata is updated consistently before the domain is locked, this function also flushes the entire filesystem.
This function sets the variable pointed to by preply to one of the following values:
This function can also return any of the errors indicated by devctl() or open().
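The function reports its outcome in two places, the return value and the variable pointed to by preply, so a caller that checks only one of them can believe a domain is locked when it is not. The following is an added example, not code from the QNX documentation: `lock_domain_checked()` is a hypothetical helper, `FS_CRYPTO_REPLY_COMPLETE` is assumed to be the reply that means success, a return of 0 is assumed to mean the call was delivered, and the non-QNX branch is a constructed stand-in with placeholder values so the code builds off-target.

```c
#include <errno.h>
#include <stdio.h>
#ifdef __QNXNTO__
#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>
#else
/* Constructed stand-in so the example builds off-target. Not QNX code:
 * the reply values and the domain range below are placeholders. */
#define FS_CRYPTO_REPLY_COMPLETE 0
#define STUB_REPLY_REFUSED 1
static int fs_crypto_domain_lock(const char *path, int domain, int *preply)
{
    if (path == NULL || preply == NULL)
        return EINVAL;              /* call itself fails, *preply untouched */
    *preply = (domain >= 1 && domain <= 8) ? FS_CRYPTO_REPLY_COMPLETE
                                           : STUB_REPLY_REFUSED;
    return 0;                       /* call delivered; outcome is in *preply */
}
#endif

/* Hypothetical helper: 0 only when the call succeeded AND the filesystem
 * reported completion. Anything else is treated as "domain may still be
 * unlocked", so the caller must not assume the domain key has been cleared. */
int lock_domain_checked(const char *mount, int domain, int *reply_out)
{
    int reply = -1;                 /* sentinel: no reply received */
    int rc = fs_crypto_domain_lock(mount, domain, &reply);
    if (reply_out != NULL)
        *reply_out = reply;
    if (rc != 0)
        return rc;                  /* devctl()/open() style error */
    if (reply != FS_CRYPTO_REPLY_COMPLETE)
        return EIO;                 /* delivered but not completed: fail closed */
    return 0;
}

int main(void)
{
    int reply;
    int rc = lock_domain_checked("/secure", 3, &reply);  /* constructed path/domain */
    if (rc != 0) {
        fprintf(stderr, "lock failed: rc=%d reply=%d\n", rc, reply);
        return 1;
    }
    puts("domain locked; further I/O on its files fails with EACCES");
    return 0;
}
```

Mapping a non-complete reply to EIO is a choice made for this example; what matters is that the helper fails closed and hands the raw reply back for logging.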
Safety: | |
---|---|
Cancellation point | Yes |
Interrupt handler | No |
Signal handler | No |
Thread | Yes |