Lock a dynamic domain
```c
#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>

int fs_crypto_domain_lock_dynamic( const char *path,
                                   int *preply );
```
The fs_crypto_domain_lock_dynamic() function locks a dynamic domain, which prevents access to the original contents of any file that belongs to the specified domain, and clears both the domain key and individual file encryption keys (FEKs). When this action is complete, the state of the domain is equivalent to the usual locked state.
Because the domain key is cleared, any further I/O operations fail with EACCES. File access, which requires access to the domain key to update file metadata, is not permitted.
To make sure that filesystem metadata is updated consistently before the domain is locked, this function also flushes the entire filesystem.
This function sets the variable pointed to by preply to one of the following values:
This function can also return any of the errors indicated by devctl() or open().
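The following is an added example, not code from the QNX documentation. It calls a lock function with the synopsis's signature and then probes a file to confirm that access now fails with EACCES, as described above. The helper `lock_and_verify()`, the stand-in lock functions, the path `/fs/secure` and the reply value 0 are constructed for illustration. It assumes that a zero return means the request was delivered and that the caller supplies the success reply value from `<sys/fs_crypto.h>`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Same signature as fs_crypto_domain_lock_dynamic() in the synopsis. */
typedef int (*lock_fn_t)(const char *path, int *preply);

enum lock_check {
    LOCK_VERIFIED,      /* call succeeded and the probe failed with EACCES */
    LOCK_CALL_FAILED,   /* call returned an error or an unexpected reply */
    LOCK_NOT_EFFECTIVE, /* probe file was still readable after the call */
    LOCK_PROBE_UNKNOWN  /* probe failed, but not with EACCES */
};

/* probe: a file the caller knows belongs to the domain (assumption).
 * ok_reply: the *preply value that means success, taken by the caller from
 * <sys/fs_crypto.h>; a zero return meaning "request delivered" is assumed. */
enum lock_check lock_and_verify(lock_fn_t lock_fn, const char *path,
                                const char *probe, int ok_reply)
{
    int reply = ok_reply - 1;          /* differs from ok_reply until set */
    if (lock_fn(path, &reply) != 0 || reply != ok_reply)
        return LOCK_CALL_FAILED;

    int fd = open(probe, O_RDONLY);
    int err = errno;
    if (fd >= 0) {
        char byte;
        ssize_t n = read(fd, &byte, 1);
        err = errno;
        close(fd);
        if (n >= 0)
            return LOCK_NOT_EFFECTIVE; /* contents still reachable */
    }
    return err == EACCES ? LOCK_VERIFIED : LOCK_PROBE_UNKNOWN;
}

/* Constructed stand-ins so the logic runs off-target; 0 is a made-up reply. */
static int fake_lock_ok(const char *p, int *r)   { (void)p; *r = 0; return 0; }
static int fake_lock_fail(const char *p, int *r) { (void)p; (void)r; return EACCES; }

int main(void)
{
    /* On a QNX target, pass fs_crypto_domain_lock_dynamic instead. */
    printf("%d\n", lock_and_verify(fake_lock_ok, "/fs/secure", "/dev/null", 0));
    printf("%d\n", lock_and_verify(fake_lock_fail, "/fs/secure", "/dev/null", 0));
    return 0;
}
```

Treat any result other than `LOCK_VERIFIED` as a failed lock and keep the caller from assuming the domain's contents are protected.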
Safety: | |
---|---|
Cancellation point | Yes |
Interrupt handler | No |
Signal handler | No |
Thread | Yes |