From 009cc0ae8be9322e4c5b10050db3eb0495c674e6 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 10 Jun 2018 19:30:10 +0200 Subject: Update README and MANPAGE for v1.5 Also update the performance numbers. I see some slowdown, reason is not yet clear, but nothing to block the release. --- Documentation/MANPAGE.md | 32 ++++++++++++++++++++++++++++---- Documentation/performance.txt | 1 + 2 files changed, 29 insertions(+), 4 deletions(-) (limited to 'Documentation') diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 1c7e7b9..4aa9fb9 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -54,6 +54,11 @@ be suitable. #### -d, -debug Enable debug output. +#### -dev, -nodev +Enable (`-dev`) or disable (`-nodev`) device files in a gocryptfs mount +(default: `-nodev`). If both are specified, `-nodev` takes precedence. +You need root permissions to use `-dev`. + #### -devrandom Use /dev/random for generating the master key instead of the default Go implementation. This is especially useful on embedded systems with Go versions @@ -61,6 +66,10 @@ prior to 1.9, which fall back to weak random data when the getrandom syscall is blocking. Using this option can block indefinitely when the kernel cannot harvest enough entropy. +#### -exec, -noexec +Enable (`-exec`) or disable (`-noexec`) executables in a gocryptfs mount +(default: `-exec`). If both are specified, `-noexec` takes precedence. + #### -extpass string Use an external program (like ssh-askpass) for the password prompt. The program should return the password on stdout, a trailing newline is @@ -172,6 +181,12 @@ Examples: Write memory profile to the specified file. This is useful when debugging memory usage of gocryptfs. +#### -nodev +See `-dev, -nodev`. + +#### -noexec +See `-exec, -noexec`. + #### -nonempty Allow mounting over non-empty directories. FUSE by default disallows this to prevent accidental shadowing of files. @@ -197,6 +212,9 @@ Diagnostic messages are normally redirected to syslog once gocryptfs daemonizes. This option disables the redirection and messages will continue be printed to stdout and stderr. +#### -nosuid +See `-suid, -nosuid`. + #### -notifypid int Send USR1 to the specified process after successful mount. This is used internally for daemonization. @@ -222,7 +240,7 @@ built-in crypto is 4x slower unless your CPU has AES instructions and you are using Go 1.6+. In mode "auto", gocrypts chooses the faster option. -#### -passfile string/ +#### -passfile string Read password from the specified file. This is a shortcut for specifying '-extpass="/bin/cat -- FILE"'. @@ -253,8 +271,9 @@ mounted using gocryptfs v1.2 and higher. Reverse mode shows a read-only encrypted view of a plaintext directory. Implies "-aessiv". -#### -ro -Mount the filesystem read-only. +#### -rw, -ro +Mount the filesystem read-write (`-rw`, default) or read-only (`-ro`). +If both are specified, `-ro` takes precence. #### -scryptn int scrypt cost parameter expressed as scryptn=log2(N). Possible values are @@ -311,6 +330,11 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL (if available). The library that will be selected on "-openssl=auto" (the default) is marked as such. +#### -suid, -nosuid +Enable (`-suid`) or disable (`-nosuid`) suid and sgid executables in a gocryptfs +mount (default: `-nosuid`). If both are specified, `-nosuid` takes precedence. +You need root permissions to use `-suid`. + #### -trace string Write execution trace to file. View the trace using "go tool trace FILE". @@ -363,4 +387,4 @@ other: please check the error message SEE ALSO ======== -fuse(8) fallocate(2) +mount(2) fuse(8) fallocate(2) diff --git a/Documentation/performance.txt b/Documentation/performance.txt index dc51d54..1102527 100644 --- a/Documentation/performance.txt +++ b/Documentation/performance.txt @@ -41,6 +41,7 @@ v1.4-45-gd5671b7 183 282 14.9 7.3 1.1 2.9 v1.4-45-gd5671b7 252 285 15.5 7.2 1.1 2.9 go1.8.3, Linux 4.11 v1.4.1 253 285 16.0 7.4 1.3 3.0 go1.9, Linux 4.12.5 v1.4.1-6-g276567e 258 289 16.1 7.5 1.3 3.0 +v1.5 228 292 17.6 9.3 1.5 3.5 go1.10.2, Linux 4.16.8 Results for EncFS for comparison (benchmark.bash -encfs): -- cgit v1.2.3