aboutsummaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/MANPAGE.md32
-rw-r--r--Documentation/performance.txt1
2 files changed, 29 insertions, 4 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 1c7e7b9..4aa9fb9 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -54,6 +54,11 @@ be suitable.
#### -d, -debug
Enable debug output.
+#### -dev, -nodev
+Enable (`-dev`) or disable (`-nodev`) device files in a gocryptfs mount
+(default: `-nodev`). If both are specified, `-nodev` takes precedence.
+You need root permissions to use `-dev`.
+
#### -devrandom
Use /dev/random for generating the master key instead of the default Go
implementation. This is especially useful on embedded systems with Go versions
@@ -61,6 +66,10 @@ prior to 1.9, which fall back to weak random data when the getrandom syscall
is blocking. Using this option can block indefinitely when the kernel cannot
harvest enough entropy.
+#### -exec, -noexec
+Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount
+(default: `-exec`). If both are specified, `-noexec` takes precedence.
+
#### -extpass string
Use an external program (like ssh-askpass) for the password prompt.
The program should return the password on stdout, a trailing newline is
@@ -172,6 +181,12 @@ Examples:
Write memory profile to the specified file. This is useful when debugging
memory usage of gocryptfs.
+#### -nodev
+See `-dev, -nodev`.
+
+#### -noexec
+See `-exec, -noexec`.
+
#### -nonempty
Allow mounting over non-empty directories. FUSE by default disallows
this to prevent accidental shadowing of files.
@@ -197,6 +212,9 @@ Diagnostic messages are normally redirected to syslog once gocryptfs
daemonizes. This option disables the redirection and messages will
continue be printed to stdout and stderr.
+#### -nosuid
+See `-suid, -nosuid`.
+
#### -notifypid int
Send USR1 to the specified process after successful mount. This is
used internally for daemonization.
@@ -222,7 +240,7 @@ built-in crypto is 4x slower unless your CPU has AES instructions and
you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
option.
-#### -passfile string/
+#### -passfile string
Read password from the specified file. This is a shortcut for
specifying '-extpass="/bin/cat -- FILE"'.
@@ -253,8 +271,9 @@ mounted using gocryptfs v1.2 and higher.
Reverse mode shows a read-only encrypted view of a plaintext
directory. Implies "-aessiv".
-#### -ro
-Mount the filesystem read-only.
+#### -rw, -ro
+Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`).
+If both are specified, `-ro` takes precence.
#### -scryptn int
scrypt cost parameter expressed as scryptn=log2(N). Possible values are
@@ -311,6 +330,11 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL
(if available). The library that will be selected on "-openssl=auto"
(the default) is marked as such.
+#### -suid, -nosuid
+Enable (`-suid`) or disable (`-nosuid`) suid and sgid executables in a gocryptfs
+mount (default: `-nosuid`). If both are specified, `-nosuid` takes precedence.
+You need root permissions to use `-suid`.
+
#### -trace string
Write execution trace to file. View the trace using "go tool trace FILE".
@@ -363,4 +387,4 @@ other: please check the error message
SEE ALSO
========
-fuse(8) fallocate(2)
+mount(2) fuse(8) fallocate(2)
diff --git a/Documentation/performance.txt b/Documentation/performance.txt
index dc51d54..1102527 100644
--- a/Documentation/performance.txt
+++ b/Documentation/performance.txt
@@ -41,6 +41,7 @@ v1.4-45-gd5671b7 183 282 14.9 7.3 1.1 2.9
v1.4-45-gd5671b7 252 285 15.5 7.2 1.1 2.9 go1.8.3, Linux 4.11
v1.4.1 253 285 16.0 7.4 1.3 3.0 go1.9, Linux 4.12.5
v1.4.1-6-g276567e 258 289 16.1 7.5 1.3 3.0
+v1.5 228 292 17.6 9.3 1.5 3.5 go1.10.2, Linux 4.16.8
Results for EncFS for comparison (benchmark.bash -encfs):