In _require_encryption_policy_support(), when checking whether the
encryption policy is usable, try creating a nonempty file rather
than an empty one. This ensures that both the contents and
filenames encryption modes are available, rather than just the
filenames mode.
On f2fs this makes generic/549 be correctly skipped, rather than
failed, when run on a kernel built from the latest fscrypt.git tree
with CONFIG_CRYPTO_SHA256=n.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
# without kernel crypto API support. E.g. a policy using Adiantum
# encryption can be set on a kernel without CONFIG_CRYPTO_ADIANTUM.
# But actually trying to use such an encrypted directory will fail.
- if ! touch $dir/file; then
+ # To reliably check for availability of both the contents and filenames
+ # encryption modes, try creating a nonempty file.
+ if ! echo foo > $dir/file; then
_notrun "encryption policy '$set_encpolicy_args' is unusable; probably missing kernel crypto API support"
fi
$KEYCTL_PROG clear @s