On Thu, Aug 01, 2019 at 11:35:56AM -0700, Eric Biggers wrote: > > "fscrypt lock" actually doesn't exist yet; it's a missing feature. My patch > to > the fscrypt tool adds it. So we get to decide on the semantics. We don't > want > to require root, though; so for v2 policy keys, the real semantics have to be > that "fscrypt lock" registers the key for the user, and "fscrypt unlock" > unregisters it for the user. >
I meant the other way around, of course: "fscrypt unlock" registers the key for the user, and "fscrypt lock" unregisters it for the user. - Eric
