diff options
| -rw-r--r-- | Documentation/MANPAGE.md | 32 | ||||
| -rw-r--r-- | Documentation/performance.txt | 1 | ||||
| -rw-r--r-- | README.md | 22 |
3 files changed, 46 insertions, 9 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 1c7e7b9..4aa9fb9 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -54,6 +54,11 @@ be suitable. #### -d, -debug Enable debug output. +#### -dev, -nodev +Enable (`-dev`) or disable (`-nodev`) device files in a gocryptfs mount +(default: `-nodev`). If both are specified, `-nodev` takes precedence. +You need root permissions to use `-dev`. + #### -devrandom Use /dev/random for generating the master key instead of the default Go implementation. This is especially useful on embedded systems with Go versions @@ -61,6 +66,10 @@ prior to 1.9, which fall back to weak random data when the getrandom syscall is blocking. Using this option can block indefinitely when the kernel cannot harvest enough entropy. +#### -exec, -noexec +Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount +(default: `-exec`). If both are specified, `-noexec` takes precedence. + #### -extpass string Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is @@ -172,6 +181,12 @@ Examples: Write memory profile to the specified file. This is useful when debugging memory usage of gocryptfs. +#### -nodev +See `-dev, -nodev`. + +#### -noexec +See `-exec, -noexec`. + #### -nonempty Allow mounting over non-empty directories. FUSE by default disallows this to prevent accidental shadowing of files. @@ -197,6 +212,9 @@ Diagnostic messages are normally redirected to syslog once gocryptfs daemonizes. This option disables the redirection and messages will continue be printed to stdout and stderr. +#### -nosuid +See `-suid, -nosuid`. + #### -notifypid int Send USR1 to the specified process after successful mount. This is used internally for daemonization. @@ -222,7 +240,7 @@ built-in crypto is 4x slower unless your CPU has AES instructions and you are using Go 1.6+. In mode "auto", gocrypts chooses the faster option. -#### -passfile string/ +#### -passfile string Read password from the specified file. This is a shortcut for specifying '-extpass="/bin/cat -- FILE"'. @@ -253,8 +271,9 @@ mounted using gocryptfs v1.2 and higher. Reverse mode shows a read-only encrypted view of a plaintext directory. Implies "-aessiv". -#### -ro -Mount the filesystem read-only. +#### -rw, -ro +Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`). +If both are specified, `-ro` takes precence. #### -scryptn int scrypt cost parameter expressed as scryptn=log2(N). Possible values are @@ -311,6 +330,11 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL (if available). The library that will be selected on "-openssl=auto" (the default) is marked as such. +#### -suid, -nosuid +Enable (`-suid`) or disable (`-nosuid`) suid and sgid executables in a gocryptfs +mount (default: `-nosuid`). If both are specified, `-nosuid` takes precedence. +You need root permissions to use `-suid`. + #### -trace string Write execution trace to file. View the trace using "go tool trace FILE". @@ -363,4 +387,4 @@ other: please check the error message SEE ALSO ======== -fuse(8) fallocate(2) +mount(2) fuse(8) fallocate(2) diff --git a/Documentation/performance.txt b/Documentation/performance.txt index dc51d54..1102527 100644 --- a/Documentation/performance.txt +++ b/Documentation/performance.txt @@ -41,6 +41,7 @@ v1.4-45-gd5671b7 183 282 14.9 7.3 1.1 2.9 v1.4-45-gd5671b7 252 285 15.5 7.2 1.1 2.9 go1.8.3, Linux 4.11 v1.4.1 253 285 16.0 7.4 1.3 3.0 go1.9, Linux 4.12.5 v1.4.1-6-g276567e 258 289 16.1 7.5 1.3 3.0 +v1.5 228 292 17.6 9.3 1.5 3.5 go1.10.2, Linux 4.16.8 Results for EncFS for comparison (benchmark.bash -encfs): @@ -153,13 +153,25 @@ RM: 4.42 Changelog --------- -vNEXT, in progress +v1.5, 2018-06-12 +* **Support extended attributes (xattr)** in forward mode + ([#217](https://github.com/rfjakob/gocryptfs/issues/217)). Older gocryptfs versions + will ignore the extended attributes. +* **Add `-fsck` function** + ([#191](https://github.com/rfjakob/gocryptfs/issues/191)) +* Fix clobbered timestamps on MacOS High Sierra + ([#229](https://github.com/rfjakob/gocryptfs/issues/229)) * Add `-masterkey=stdin` functionality ([#218](https://github.com/rfjakob/gocryptfs/issues/218)) -* Support extended attributes (xattr) in forward mode - ([#217](https://github.com/rfjakob/gocryptfs/issues/217)) -* Add `-fsck` function - ([#191](https://github.com/rfjakob/gocryptfs/issues/191)) +* Accept `-dev`/`-nodev`, `suid`/`nosuid`, `-exec`/`-noexec`, + `-ro`/`-rw` flags to make mounting via `/etc/fstab` possible. + Thanks @mahkoh! ([#233](https://github.com/rfjakob/gocryptfs/pull/233), + [commit](https://github.com/rfjakob/gocryptfs/commit/53d6a9999dd0e4c31636d16179f284fff35a35d9), + [commit](https://github.com/rfjakob/gocryptfs/commit/10212d791a3196c2c8705a7a3cccdeb14a8efdbe)) +* Fix a `logger` path issue on SuSE + [#225](https://github.com/rfjakob/gocryptfs/issues/225) +* Stop printing the help text on a "flag provided but not defined" + error ([commit](https://github.com/rfjakob/gocryptfs/commit/5ad26495fc86527bbfe75ac6b46528d49a373676)) v1.4.4, 2018-03-18 * Overwrite secrets in memory with zeros as soon as possible |