if (err)
GOTO(out_free_cfg, err);
+ /* LSI_FILENAME_ENC is only used by embedded llcrypt */
+#ifdef CONFIG_LL_ENCRYPTION
if (ll_sb_has_test_dummy_encryption(sb))
/* enable filename encryption by default for dummy enc mode */
lsi->lsi_flags |= LSI_FILENAME_ENC;
else
/* filename encryption is disabled by default */
lsi->lsi_flags &= ~LSI_FILENAME_ENC;
+#endif
/* kernel >= 2.6.38 store dentry operations in sb->s_d_op. */
sb->s_d_op = &ll_d_ops;
LDEBUGFS_SEQ_FOPS(ll_nosquash_nids);
+#ifdef CONFIG_LL_ENCRYPTION
static int ll_filename_enc_seq_show(struct seq_file *m, void *v)
{
struct super_block *sb = m->private;
}
LDEBUGFS_SEQ_FOPS(ll_filename_enc);
+#endif /* CONFIG_LL_ENCRYPTION */
static int ll_pcc_seq_show(struct seq_file *m, void *v)
{
.fops = &ll_nosquash_nids_fops },
{ .name = "pcc",
.fops = &ll_pcc_fops, },
+#ifdef CONFIG_LL_ENCRYPTION
{ .name = "enable_filename_encryption",
.fops = &ll_filename_enc_fops, },
+#endif
{ NULL }
};
which fscrypt || skip "This test needs fscrypt userspace tool"
- fscrypt setup --force --verbose || error "fscrypt global setup failed"
+ yes | fscrypt setup --force --verbose ||
+ error "fscrypt global setup failed"
sed -i 's/\(.*\)policy_version\(.*\):\(.*\)\"[0-9]*\"\(.*\)/\1policy_version\2:\3"2"\4/' \
/etc/fscrypt.conf
- fscrypt setup --verbose $MOUNT || error "fscrypt setup $MOUNT failed"
+ yes | fscrypt setup --verbose $MOUNT ||
+ error "fscrypt setup $MOUNT failed"
mkdir -p $testdir
chown -R $ID0:$ID0 $testdir
[ $filecount -eq 3 ] || error "found $filecount files"
# check enable_filename_encryption default value
+ # tunable only available for client built against embedded llcrypt
$LCTL get_param mdc.*.connect_flags | grep -q name_encryption &&
nameenc=$(lctl get_param -n llite.*.enable_filename_encryption |
head -n1)
+ # If client is built against in-kernel fscrypt, it is not possible
+ # to decide to encrypt file names or not: they are always encrypted.
if [ -n "$nameenc" ]; then
[ $nameenc -eq 0 ] ||
error "enable_filename_encryption should be 0 by default"
# setup encryption from inside this subdir mount
# the .fscrypt directory is going to be created at the real fs root
- fscrypt setup --verbose $MOUNT ||
+ yes | fscrypt setup --verbose $MOUNT ||
error "fscrypt setup $MOUNT failed (2)"
testdir=$MOUNT/vault
mkdir $testdir
fid1=$(path2fid $MOUNT/.fscrypt)
echo "With FILESET $tdir, .fscrypt FID is $fid1"
- # enable name encryption
+ # enable name encryption, only valid if built against embedded llcrypt
if [ -n "$nameenc" ]; then
do_facet mgs $LCTL set_param -P \
llite.*.enable_filename_encryption=1
$RUNAS fscrypt lock --verbose $DIR/$tdir/vault ||
error "fscrypt lock $DIR/$tdir/vault failed (5)"
- # disable name encryption
+ # disable name encryption, only valid if built against embedded llcrypt
if [ -n "$nameenc" ]; then
do_facet mgs $LCTL set_param -P \
llite.*.enable_filename_encryption=0