fs_crypto_domain_lock()

Lock a domain

Synopsis:

#include <fs_crypto_api.h>
#include <sys/fs_crypto.h>

int fs_crypto_domain_lock( const char *path,
                           int domain,
                           int *preply );

Arguments:

path
The path to the filesystem's mountpoint.
domain
The number of the domain that you want to lock.
preply
A pointer to a location where the function can store additional success or error information.

Library:

libfscrypto

Use the -l fscrypto option to qcc to link against this library.

Description:

The fs_crypto_domain_lock() function locks a domain, preventing access to the original contents of any file belonging to the given domain. The function allows existing open file descriptors to process their files, but no new files can be opened. When active, the function zeros the individual file encryption keys (FEKs).

Note:
  • In order to use filesystem encryption, download the Encrypted Filesystem package from the QNX Software Center.
  • You must be in the group that owns the filesystem's mountpoint in order to lock a domain.

This function sets the variable pointed to by preply to one of the following values:

FS_CRYPTO_REPLY_ALREADY
The domain was already locked.
FS_CRYPTO_REPLY_COMPLETE
The domain is now locked.
FS_CRYPTO_REPLY_INVALID
The command wasn't completed successfully.
FS_CRYPTO_REPLY_NOENTRY
No entry was found for the given domain.
FS_CRYPTO_REPLY_UNKNOWN_TYPE
The type of encryption used for the domain is invalid.

Returns:

EOK
Success.
EINVAL
Invalid arguments.
ENOMEM
Insufficent free memory.

This function can also return any of the errors indicated by devctl() or open().

Classification:

QNX Neutrino

Safety:  
Cancellation point Yes
Interrupt handler No
Signal handler No
Thread Yes