[Feature] Recursive scan for unused protectors and policies #253
Comments
Policies are the easy (or easier) ones to deal with here, as they generally will only be on one mountpoint (bind mounts complicate this story). Protectors are easier in one sense: you just need to check if they are protecting any policies. But they are harder as linked protectors can be set up across filesystems that may not be mounted at the time.
Since the login protector can stay the same when upgrading a policy from v1 to v2, does that mean that technically a directory created with a v1 policy can be read with a v2 policy using the same protectors without recreating the directory and transferring the files over? Or does the policy play a role in how the encrypted data is written?
No. The policy is how the directory is encrypted on-disk. If it's encrypted with v1, it can't be upgraded to v2 without creating a new directory and copying everything over.
Destroying policies and protectors feels like a gamble. After a while, and after some upgrades to fscrypt, a user can end up with a lot of encrypted directories scattered over multiple mountpoints, with multiple policies and protectors.

It would be helpful if fscrypt could do a recursive scan and list what protectors/policies are unused within current mountpoints so the user feels more at ease deleting them, or fscrypt could offer to delete the unused ones.
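The protector half of the requested scan, following the rule from the comments (a protector is unused when it protects no policy, but linked protectors span filesystems), as an added example that is not fscrypt's own code. The status text and IDs are constructed, and the table layout is assumed to match what `fscrypt status <mountpoint>` prints; `parse_status` and `unreferenced_protectors` are hypothetical names.

```python
import re

# Constructed IDs and status text, modelled on the PROTECTOR/POLICY tables of
# `fscrypt status <mountpoint>` (the exact layout is an assumption).
P_LOGIN, P_OLD, P_SCRATCH = "a1" * 8, "b2" * 8, "c3" * 8
POL_ROOT, POL_DATA = "11" * 16, "22" * 16
SAMPLE = {
    "/": f"""PROTECTOR  LINKED  DESCRIPTION
{P_LOGIN}  No  login protector for alice
{P_OLD}  No  custom protector "old"

POLICY  UNLOCKED  PROTECTORS
{POL_ROOT}  Yes  {P_LOGIN}
""",
    "/mnt/data": f"""PROTECTOR  LINKED  DESCRIPTION
{P_OLD}  Yes (/)  custom protector "old"
{P_SCRATCH}  No  custom protector "scratch"

POLICY  UNLOCKED  PROTECTORS
{POL_DATA}  No  {P_OLD}
""",
}

PROTECTOR_ROW = re.compile(r"^([0-9a-f]{16})\s+(No|Yes)\b", re.M)
POLICY_ROW = re.compile(r"^([0-9a-f]{32})\s+\S+\s+(.*)$", re.M)

def parse_status(text):
    """Return ({protector_id: is_link}, {protector ids named by any policy})."""
    protectors = {m[1]: m[2] == "Yes" for m in PROTECTOR_ROW.finditer(text)}
    referenced = set()
    for m in POLICY_ROW.finditer(text):
        referenced.update(re.findall(r"[0-9a-f]{16}", m[2]))
    return protectors, referenced

def unreferenced_protectors(status_by_mount):
    """Protectors stored on a scanned filesystem that no scanned policy names."""
    stored, referenced = {}, set()
    for mount, text in status_by_mount.items():
        protectors, refs = parse_status(text)
        referenced |= refs
        for pid, is_link in protectors.items():
            if not is_link:  # a link row points at a protector stored elsewhere
                stored[pid] = mount
    return {pid: mnt for pid, mnt in stored.items() if pid not in referenced}

if __name__ == "__main__":
    print("all mounted:", unreferenced_protectors(SAMPLE))
    print("only / mounted:", unreferenced_protectors({"/": SAMPLE["/"]}))
```

With only `/` scanned, the "old" protector is reported as unreferenced even though a policy on `/mnt/data` still depends on it through a link, which is why a result is only trustworthy when every filesystem that may hold linked policies is mounted.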