Rename --no-integrity-checks to --allow-integrity-violations

2018-04-29 13:41:21 -07:00 · 2018-04-29 13:41:21 -07:00 · f29e398e51
parent a691fd03dc
commit f29e398e51
11 changed files with 49 additions and 49 deletions
--- a/src/blockstore/implementations/integrity/IntegrityBlockStore2.cpp
+++ b/src/blockstore/implementations/integrity/IntegrityBlockStore2.cpp
@ -95,7 +95,7 @@ void IntegrityBlockStore2::_checkNoPastIntegrityViolations() const {
 }

 void IntegrityBlockStore2::integrityViolationDetected(const string &reason) const {
-  if (_noIntegrityChecks) {
+  if (_allowIntegrityViolations) {
    LOG(WARN, "Integrity violation (but integrity checks are disabled): {}", reason);
    return;
  }
@ -103,8 +103,8 @@ void IntegrityBlockStore2::integrityViolationDetected(const string &reason) cons
  throw IntegrityViolationError(reason);
 }

-IntegrityBlockStore2::IntegrityBlockStore2(unique_ref<BlockStore2> baseBlockStore, const boost::filesystem::path &integrityFilePath, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation)
-: _baseBlockStore(std::move(baseBlockStore)), _knownBlockVersions(integrityFilePath, myClientId), _noIntegrityChecks(noIntegrityChecks), _missingBlockIsIntegrityViolation(missingBlockIsIntegrityViolation), _integrityViolationDetected(false) {
+IntegrityBlockStore2::IntegrityBlockStore2(unique_ref<BlockStore2> baseBlockStore, const boost::filesystem::path &integrityFilePath, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation)
+: _baseBlockStore(std::move(baseBlockStore)), _knownBlockVersions(integrityFilePath, myClientId), _allowIntegrityViolations(allowIntegrityViolations), _missingBlockIsIntegrityViolation(missingBlockIsIntegrityViolation), _integrityViolationDetected(false) {
 }

 bool IntegrityBlockStore2::tryCreate(const BlockId &blockId, const Data &data) {
--- a/src/blockstore/implementations/integrity/IntegrityBlockStore2.h
+++ b/src/blockstore/implementations/integrity/IntegrityBlockStore2.h
@ -16,7 +16,7 @@ namespace integrity {
 // It depends on being used on top of an encrypted block store that protects integrity of the block contents (i.e. uses an authenticated cipher).
 class IntegrityBlockStore2 final: public BlockStore2 {
 public:
-  IntegrityBlockStore2(cpputils::unique_ref<BlockStore2> baseBlockStore, const boost::filesystem::path &integrityFilePath, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation);
+  IntegrityBlockStore2(cpputils::unique_ref<BlockStore2> baseBlockStore, const boost::filesystem::path &integrityFilePath, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation);

  bool tryCreate(const BlockId &blockId, const cpputils::Data &data) override;
  bool remove(const BlockId &blockId) override;
@ -66,7 +66,7 @@ private:

  cpputils::unique_ref<BlockStore2> _baseBlockStore;
  mutable KnownBlockVersions _knownBlockVersions;
-  const bool _noIntegrityChecks;
+  const bool _allowIntegrityViolations;
  const bool _missingBlockIsIntegrityViolation;
  mutable bool _integrityViolationDetected;

--- a/src/cryfs-cli/Cli.cpp
+++ b/src/cryfs-cli/Cli.cpp
@ -235,7 +235,7 @@ namespace cryfs {
          auto blockStore = make_unique_ref<OnDiskBlockStore2>(options.baseDir());
          auto config = _loadOrCreateConfig(options, localStateDir);
          CryDevice device(std::move(config.configFile), std::move(blockStore), std::move(localStateDir), config.myClientId,
-                           options.noIntegrityChecks(), config.configFile.config()->missingBlockIsIntegrityViolation());
+                           options.allowIntegrityViolations(), config.configFile.config()->missingBlockIsIntegrityViolation());
          _sanityCheckFilesystem(&device);
          fspp::FilesystemImpl fsimpl(&device);
          fspp::fuse::Fuse fuse(&fsimpl, "cryfs", "cryfs@" + options.baseDir().native());
--- a/src/cryfs-cli/program_options/Parser.cpp
+++ b/src/cryfs-cli/program_options/Parser.cpp
@ -79,7 +79,7 @@ ProgramOptions Parser::parse(const vector<string> &supportedCiphers) const {
    if (vm.count("blocksize")) {
        blocksizeBytes = vm["blocksize"].as<uint32_t>();
    }
-    bool noIntegrityChecks = vm.count("no-integrity-checks");
+    bool allowIntegrityViolations = vm.count("allow-integrity-violations");
    optional<bool> missingBlockIsIntegrityViolation = none;
    if (vm.count("missing-block-is-integrity-violation")) {
        missingBlockIsIntegrityViolation = vm["missing-block-is-integrity-violation"].as<bool>();
@ -95,7 +95,7 @@ ProgramOptions Parser::parse(const vector<string> &supportedCiphers) const {
        }
    }

-    return ProgramOptions(std::move(baseDir), std::move(mountDir), std::move(configfile), foreground, allowFilesystemUpgrade, allowReplacedFilesystem, std::move(unmountAfterIdleMinutes), std::move(logfile), std::move(cipher), blocksizeBytes, noIntegrityChecks, std::move(missingBlockIsIntegrityViolation), std::move(fuseOptions));
+    return ProgramOptions(std::move(baseDir), std::move(mountDir), std::move(configfile), foreground, allowFilesystemUpgrade, allowReplacedFilesystem, std::move(unmountAfterIdleMinutes), std::move(logfile), std::move(cipher), blocksizeBytes, allowIntegrityViolations, std::move(missingBlockIsIntegrityViolation), std::move(fuseOptions));
 }

 void Parser::_checkValidCipher(const string &cipher, const vector<string> &supportedCiphers) {
@ -166,8 +166,8 @@ void Parser::_addAllowedOptions(po::options_description *desc) {
            ("fuse-option,o", po::value<vector<string>>(), "Add a fuse mount option. Example: atime or noatime.")
            ("cipher", po::value<string>(), cipher_description.c_str())
            ("blocksize", po::value<uint32_t>(), blocksize_description.c_str())
-            ("no-integrity-checks", "Disable integrity checks. Integrity checks ensure that your file system was not manipulated or rolled back to an earlier version. Disabling them is needed if you want to load an old snapshot of your file system.")
            ("missing-block-is-integrity-violation", po::value<bool>(), "Whether to treat a missing block as an integrity violation. This makes sure you notice if an attacker deleted some of your files, but only works in single-client mode. You will not be able to use the file system on other devices.")
+            ("allow-integrity-violations", "Disable integrity checks. Integrity checks ensure that your file system was not manipulated or rolled back to an earlier version. Disabling them is needed if you want to load an old snapshot of your file system.")
            ("allow-filesystem-upgrade", "Allow upgrading the file system if it was created with an old CryFS version. After the upgrade, older CryFS versions might not be able to use the file system anymore.")
            ("allow-replaced-filesystem", "By default, CryFS remembers file systems it has seen in this base directory and checks that it didn't get replaced by an attacker with an entirely different file system since the last time it was loaded. However, if you do want to replace the file system with an entirely new one, you can pass in this option to disable the check.")
            ("show-ciphers", "Show list of supported ciphers.")
--- a/src/cryfs-cli/program_options/ProgramOptions.cpp
+++ b/src/cryfs-cli/program_options/ProgramOptions.cpp
@ -12,10 +12,10 @@ ProgramOptions::ProgramOptions(bf::path baseDir, bf::path mountDir, optional<bf:
                               bool foreground, bool allowFilesystemUpgrade, bool allowReplacedFilesystem, optional<double> unmountAfterIdleMinutes,
                               optional<bf::path> logFile, optional<string> cipher,
                               optional<uint32_t> blocksizeBytes,
-                               bool noIntegrityChecks,
+                               bool allowIntegrityViolations,
                               boost::optional<bool> missingBlockIsIntegrityViolation,
                               vector<string> fuseOptions)
-    :_baseDir(std::move(baseDir)), _mountDir(std::move(mountDir)), _configFile(std::move(configFile)), _foreground(foreground), _allowFilesystemUpgrade(allowFilesystemUpgrade), _allowReplacedFilesystem(allowReplacedFilesystem), _noIntegrityChecks(noIntegrityChecks),
+    :_baseDir(std::move(baseDir)), _mountDir(std::move(mountDir)), _configFile(std::move(configFile)), _foreground(foreground), _allowFilesystemUpgrade(allowFilesystemUpgrade), _allowReplacedFilesystem(allowReplacedFilesystem), _allowIntegrityViolations(allowIntegrityViolations),
     _cipher(std::move(cipher)), _blocksizeBytes(std::move(blocksizeBytes)), _unmountAfterIdleMinutes(std::move(unmountAfterIdleMinutes)),
     _missingBlockIsIntegrityViolation(std::move(missingBlockIsIntegrityViolation)), _logFile(std::move(logFile)), _fuseOptions(std::move(fuseOptions)) {
 }
@ -56,8 +56,8 @@ const optional<uint32_t> &ProgramOptions::blocksizeBytes() const {
    return _blocksizeBytes;
 }

-bool ProgramOptions::noIntegrityChecks() const {
-    return _noIntegrityChecks;
+bool ProgramOptions::allowIntegrityViolations() const {
+    return _allowIntegrityViolations;
 }

 bool ProgramOptions::allowReplacedFilesystem() const {
--- a/src/cryfs-cli/program_options/ProgramOptions.h
+++ b/src/cryfs-cli/program_options/ProgramOptions.h
@ -18,7 +18,7 @@ namespace cryfs {
                           boost::optional<boost::filesystem::path> logFile,
                           boost::optional<std::string> cipher,
                           boost::optional<uint32_t> blocksizeBytes,
-                           bool noIntegrityChecks,
+                           bool allowIntegrityViolations,
                           boost::optional<bool> missingBlockIsIntegrityViolation,
                           std::vector<std::string> fuseOptions);
            ProgramOptions(ProgramOptions &&rhs) = default;
@ -32,7 +32,7 @@ namespace cryfs {
            const boost::optional<std::string> &cipher() const;
            const boost::optional<uint32_t> &blocksizeBytes() const;
            const boost::optional<double> &unmountAfterIdleMinutes() const;
-            bool noIntegrityChecks() const;
+            bool allowIntegrityViolations() const;
            const boost::optional<bool> &missingBlockIsIntegrityViolation() const;
            const boost::optional<boost::filesystem::path> &logFile() const;
            const std::vector<std::string> &fuseOptions() const;
@ -44,7 +44,7 @@ namespace cryfs {
            bool _foreground;
            bool _allowFilesystemUpgrade;
            bool _allowReplacedFilesystem;
-            bool _noIntegrityChecks;
+            bool _allowIntegrityViolations;
            boost::optional<std::string> _cipher;
            boost::optional<uint32_t> _blocksizeBytes;
            boost::optional<double> _unmountAfterIdleMinutes;
--- a/src/cryfs/filesystem/CryDevice.cpp
+++ b/src/cryfs/filesystem/CryDevice.cpp
@ -51,14 +51,14 @@ namespace bf = boost::filesystem;

 namespace cryfs {

-CryDevice::CryDevice(CryConfigFile configFile, unique_ref<BlockStore2> blockStore, const LocalStateDir& localStateDir, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation)
-: _fsBlobStore(CreateFsBlobStore(std::move(blockStore), &configFile, localStateDir, myClientId, noIntegrityChecks, missingBlockIsIntegrityViolation)),
+CryDevice::CryDevice(CryConfigFile configFile, unique_ref<BlockStore2> blockStore, const LocalStateDir& localStateDir, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation)
+: _fsBlobStore(CreateFsBlobStore(std::move(blockStore), &configFile, localStateDir, myClientId, allowIntegrityViolations, missingBlockIsIntegrityViolation)),
  _rootBlobId(GetOrCreateRootBlobId(&configFile)),
  _onFsAction() {
 }

-unique_ref<parallelaccessfsblobstore::ParallelAccessFsBlobStore> CryDevice::CreateFsBlobStore(unique_ref<BlockStore2> blockStore, CryConfigFile *configFile, const LocalStateDir& localStateDir, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation) {
-  auto blobStore = CreateBlobStore(std::move(blockStore), localStateDir, configFile, myClientId, noIntegrityChecks, missingBlockIsIntegrityViolation);
+unique_ref<parallelaccessfsblobstore::ParallelAccessFsBlobStore> CryDevice::CreateFsBlobStore(unique_ref<BlockStore2> blockStore, CryConfigFile *configFile, const LocalStateDir& localStateDir, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation) {
+  auto blobStore = CreateBlobStore(std::move(blockStore), localStateDir, configFile, myClientId, allowIntegrityViolations, missingBlockIsIntegrityViolation);

 #ifndef CRYFS_NO_COMPATIBILITY
  auto fsBlobStore = MigrateOrCreateFsBlobStore(std::move(blobStore), configFile);
@ -83,8 +83,8 @@ unique_ref<fsblobstore::FsBlobStore> CryDevice::MigrateOrCreateFsBlobStore(uniqu
 }
 #endif

-unique_ref<blobstore::BlobStore> CryDevice::CreateBlobStore(unique_ref<BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation) {
-  auto integrityEncryptedBlockStore = CreateIntegrityEncryptedBlockStore(std::move(blockStore), localStateDir, configFile, myClientId, noIntegrityChecks, missingBlockIsIntegrityViolation);
+unique_ref<blobstore::BlobStore> CryDevice::CreateBlobStore(unique_ref<BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation) {
+  auto integrityEncryptedBlockStore = CreateIntegrityEncryptedBlockStore(std::move(blockStore), localStateDir, configFile, myClientId, allowIntegrityViolations, missingBlockIsIntegrityViolation);
  // Create integrityEncryptedBlockStore not in the same line as BlobStoreOnBlocks, because it can modify BlocksizeBytes
  // in the configFile and therefore has to be run before the second parameter to the BlobStoreOnBlocks parameter is evaluated.
  return make_unique_ref<BlobStoreOnBlocks>(
@ -96,7 +96,7 @@ unique_ref<blobstore::BlobStore> CryDevice::CreateBlobStore(unique_ref<BlockStor
     configFile->config()->BlocksizeBytes());
 }

-unique_ref<BlockStore2> CryDevice::CreateIntegrityEncryptedBlockStore(unique_ref<BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation) {
+unique_ref<BlockStore2> CryDevice::CreateIntegrityEncryptedBlockStore(unique_ref<BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation) {
  auto encryptedBlockStore = CreateEncryptedBlockStore(*configFile->config(), std::move(blockStore));
  auto statePath = localStateDir.forFilesystemId(configFile->config()->FilesystemId());
  auto integrityFilePath = statePath / "integritydata";
@ -110,7 +110,7 @@ unique_ref<BlockStore2> CryDevice::CreateIntegrityEncryptedBlockStore(unique_ref
  }
 #endif

-  return make_unique_ref<IntegrityBlockStore2>(std::move(encryptedBlockStore), integrityFilePath, myClientId, noIntegrityChecks, missingBlockIsIntegrityViolation);
+  return make_unique_ref<IntegrityBlockStore2>(std::move(encryptedBlockStore), integrityFilePath, myClientId, allowIntegrityViolations, missingBlockIsIntegrityViolation);
 }

 BlockId CryDevice::CreateRootBlobAndReturnId() {
--- a/src/cryfs/filesystem/CryDevice.h
+++ b/src/cryfs/filesystem/CryDevice.h
@ -19,7 +19,7 @@ namespace cryfs {

 class CryDevice final: public fspp::Device {
 public:
-  CryDevice(CryConfigFile config, cpputils::unique_ref<blockstore::BlockStore2> blockStore, const LocalStateDir& localStateDir, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation);
+  CryDevice(CryConfigFile config, cpputils::unique_ref<blockstore::BlockStore2> blockStore, const LocalStateDir& localStateDir, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation);

  void statfs(const boost::filesystem::path &path, struct ::statvfs *fsstat) override;

@ -54,12 +54,12 @@ private:

  blockstore::BlockId GetOrCreateRootBlobId(CryConfigFile *config);
  blockstore::BlockId CreateRootBlobAndReturnId();
-  static cpputils::unique_ref<parallelaccessfsblobstore::ParallelAccessFsBlobStore> CreateFsBlobStore(cpputils::unique_ref<blockstore::BlockStore2> blockStore, CryConfigFile *configFile, const LocalStateDir& localStateDir, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation);
+  static cpputils::unique_ref<parallelaccessfsblobstore::ParallelAccessFsBlobStore> CreateFsBlobStore(cpputils::unique_ref<blockstore::BlockStore2> blockStore, CryConfigFile *configFile, const LocalStateDir& localStateDir, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation);
 #ifndef CRYFS_NO_COMPATIBILITY
  static cpputils::unique_ref<fsblobstore::FsBlobStore> MigrateOrCreateFsBlobStore(cpputils::unique_ref<blobstore::BlobStore> blobStore, CryConfigFile *configFile);
 #endif
-  static cpputils::unique_ref<blobstore::BlobStore> CreateBlobStore(cpputils::unique_ref<blockstore::BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation);
-  static cpputils::unique_ref<blockstore::BlockStore2> CreateIntegrityEncryptedBlockStore(cpputils::unique_ref<blockstore::BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool noIntegrityChecks, bool missingBlockIsIntegrityViolation);
+  static cpputils::unique_ref<blobstore::BlobStore> CreateBlobStore(cpputils::unique_ref<blockstore::BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation);
+  static cpputils::unique_ref<blockstore::BlockStore2> CreateIntegrityEncryptedBlockStore(cpputils::unique_ref<blockstore::BlockStore2> blockStore, const LocalStateDir& localStateDir, CryConfigFile *configFile, uint32_t myClientId, bool allowIntegrityViolations, bool missingBlockIsIntegrityViolation);
  static cpputils::unique_ref<blockstore::BlockStore2> CreateEncryptedBlockStore(const CryConfig &config, cpputils::unique_ref<blockstore::BlockStore2> baseBlockStore);

  struct BlobWithParent {
--- a/test/blockstore/implementations/integrity/IntegrityBlockStoreTest_Generic.cpp
+++ b/test/blockstore/implementations/integrity/IntegrityBlockStoreTest_Generic.cpp
@ -17,7 +17,7 @@ using cpputils::make_unique_ref;
 using cpputils::unique_ref;
 using cpputils::TempFile;

-template<bool NoIntegrityChecks, bool MissingBlockIsIntegrityViolation>
+template<bool AllowIntegrityViolations, bool MissingBlockIsIntegrityViolation>
 class IntegrityBlockStoreTestFixture: public BlockStoreTestFixture {
 public:
   IntegrityBlockStoreTestFixture() :stateFile(false) {}
@ -25,38 +25,38 @@ public:
  TempFile stateFile;
  unique_ref<BlockStore> createBlockStore() override {
    return make_unique_ref<LowToHighLevelBlockStore>(
-        make_unique_ref<IntegrityBlockStore2>(make_unique_ref<InMemoryBlockStore2>(), stateFile.path(), 0x12345678, NoIntegrityChecks, MissingBlockIsIntegrityViolation)
+        make_unique_ref<IntegrityBlockStore2>(make_unique_ref<InMemoryBlockStore2>(), stateFile.path(), 0x12345678, AllowIntegrityViolations, MissingBlockIsIntegrityViolation)
    );
  }
 };

 using IntegrityBlockStoreTestFixture_multiclient = IntegrityBlockStoreTestFixture<false, false>;
 using IntegrityBlockStoreTestFixture_singleclient = IntegrityBlockStoreTestFixture<false, true>;
-using IntegrityBlockStoreTestFixture_multiclient_noIntegrityChecks = IntegrityBlockStoreTestFixture<true, false>;
-using IntegrityBlockStoreTestFixture_singleclient_noIntegrityChecks = IntegrityBlockStoreTestFixture<true, true>;
+using IntegrityBlockStoreTestFixture_multiclient_allowIntegrityViolations = IntegrityBlockStoreTestFixture<true, false>;
+using IntegrityBlockStoreTestFixture_singleclient_allowIntegrityViolations = IntegrityBlockStoreTestFixture<true, true>;

 INSTANTIATE_TYPED_TEST_CASE_P(Integrity_multiclient, BlockStoreTest, IntegrityBlockStoreTestFixture_multiclient);
 INSTANTIATE_TYPED_TEST_CASE_P(Integrity_singleclient, BlockStoreTest, IntegrityBlockStoreTestFixture_singleclient);
-INSTANTIATE_TYPED_TEST_CASE_P(Integrity_multiclient_noIntegrityChecks, BlockStoreTest, IntegrityBlockStoreTestFixture_multiclient_noIntegrityChecks);
-INSTANTIATE_TYPED_TEST_CASE_P(Integrity_singleclient_noIntegrityChecks, BlockStoreTest, IntegrityBlockStoreTestFixture_singleclient_noIntegrityChecks);
+INSTANTIATE_TYPED_TEST_CASE_P(Integrity_multiclient_allowIntegrityViolations, BlockStoreTest, IntegrityBlockStoreTestFixture_multiclient_allowIntegrityViolations);
+INSTANTIATE_TYPED_TEST_CASE_P(Integrity_singleclient_allowIntegrityViolations, BlockStoreTest, IntegrityBlockStoreTestFixture_singleclient_allowIntegrityViolations);

-template<bool NoIntegrityChecks, bool MissingBlockIsIntegrityViolation>
+template<bool AllowIntegrityViolations, bool MissingBlockIsIntegrityViolation>
 class IntegrityBlockStore2TestFixture: public BlockStore2TestFixture {
 public:
  IntegrityBlockStore2TestFixture() :stateFile(false) {}

  TempFile stateFile;
  unique_ref<BlockStore2> createBlockStore() override {
-    return make_unique_ref<IntegrityBlockStore2>(make_unique_ref<InMemoryBlockStore2>(), stateFile.path(), 0x12345678, NoIntegrityChecks, MissingBlockIsIntegrityViolation);
+    return make_unique_ref<IntegrityBlockStore2>(make_unique_ref<InMemoryBlockStore2>(), stateFile.path(), 0x12345678, AllowIntegrityViolations, MissingBlockIsIntegrityViolation);
  }
 };

 using IntegrityBlockStore2TestFixture_multiclient = IntegrityBlockStore2TestFixture<false, false>;
 using IntegrityBlockStore2TestFixture_singleclient = IntegrityBlockStore2TestFixture<false, true>;
-using IntegrityBlockStore2TestFixture_multiclient_noIntegrityChecks = IntegrityBlockStore2TestFixture<true, false>;
-using IntegrityBlockStore2TestFixture_singleclient_noIntegrityChecks = IntegrityBlockStore2TestFixture<true, true>;
+using IntegrityBlockStore2TestFixture_multiclient_allowIntegrityViolations = IntegrityBlockStore2TestFixture<true, false>;
+using IntegrityBlockStore2TestFixture_singleclient_allowIntegrityViolations = IntegrityBlockStore2TestFixture<true, true>;

 INSTANTIATE_TYPED_TEST_CASE_P(Integrity_multiclient, BlockStore2Test, IntegrityBlockStore2TestFixture_multiclient);
 INSTANTIATE_TYPED_TEST_CASE_P(Integrity_singleclient, BlockStore2Test, IntegrityBlockStore2TestFixture_singleclient);
-INSTANTIATE_TYPED_TEST_CASE_P(Integrity_multiclient_noIntegrityChecks, BlockStore2Test, IntegrityBlockStore2TestFixture_multiclient_noIntegrityChecks);
-INSTANTIATE_TYPED_TEST_CASE_P(Integrity_singleclient_noIntegrityChecks, BlockStore2Test, IntegrityBlockStore2TestFixture_singleclient_noIntegrityChecks);
+INSTANTIATE_TYPED_TEST_CASE_P(Integrity_multiclient_allowIntegrityViolations, BlockStore2Test, IntegrityBlockStore2TestFixture_multiclient_allowIntegrityViolations);
+INSTANTIATE_TYPED_TEST_CASE_P(Integrity_singleclient_allowIntegrityViolations, BlockStore2Test, IntegrityBlockStore2TestFixture_singleclient_allowIntegrityViolations);
--- a/test/cryfs-cli/program_options/ParserTest.cpp
+++ b/test/cryfs-cli/program_options/ParserTest.cpp
@ -202,14 +202,14 @@ TEST_F(ProgramOptionsParserTest, MissingBlockIsIntegrityViolationGiven_False) {
    EXPECT_FALSE(options.missingBlockIsIntegrityViolation().value());
 }

-TEST_F(ProgramOptionsParserTest, NoIntegrityChecks_True) {
-    ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "--no-integrity-checks", "/home/user/mountDir"});
-    EXPECT_TRUE(options.noIntegrityChecks());
+TEST_F(ProgramOptionsParserTest, AllowIntegrityViolations_True) {
+    ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "--allow-integrity-violations", "/home/user/mountDir"});
+    EXPECT_TRUE(options.allowIntegrityViolations());
 }

-TEST_F(ProgramOptionsParserTest, NoIntegrityChecks_False) {
+TEST_F(ProgramOptionsParserTest, AllowIntegrityViolations_False) {
    ProgramOptions options = parse({"./myExecutable", "/home/user/baseDir", "/home/user/mountDir"});
-    EXPECT_FALSE(options.noIntegrityChecks());
+    EXPECT_FALSE(options.allowIntegrityViolations());
 }

 TEST_F(ProgramOptionsParserTest, MissingBlockIsIntegrityViolationNotGiven) {
--- a/test/cryfs-cli/program_options/ProgramOptionsTest.cpp
+++ b/test/cryfs-cli/program_options/ProgramOptionsTest.cpp
@ -116,14 +116,14 @@ TEST_F(ProgramOptionsTest, MissingBlockIsIntegrityViolationNone) {
    EXPECT_EQ(none, testobj.missingBlockIsIntegrityViolation());
 }

-TEST_F(ProgramOptionsTest, NoIntegrityChecksFalse) {
+TEST_F(ProgramOptionsTest, AllowIntegrityViolationsFalse) {
    ProgramOptions testobj("", "", none, true, false, false, none, none, none, none, false, none, {"./myExecutable"});
-    EXPECT_FALSE(testobj.noIntegrityChecks());
+    EXPECT_FALSE(testobj.allowIntegrityViolations());
 }

-TEST_F(ProgramOptionsTest, NoIntegrityChecksTrue) {
+TEST_F(ProgramOptionsTest, AllowIntegrityViolationsTrue) {
    ProgramOptions testobj("", "", none, true, false, false, none, none, none, none, true, none, {"./myExecutable"});
-    EXPECT_TRUE(testobj.noIntegrityChecks());
+    EXPECT_TRUE(testobj.allowIntegrityViolations());
 }

 TEST_F(ProgramOptionsTest, EmptyFuseOptions) {