fscrypt.git/cli-tests/t_not_supported.out, branch v0.3.3 Go tool for managing Linux filesystem encryption filesystem: avoid accessing irrelevant filesystems 2021-12-20T16:24:15+00:00 Eric Biggers ebiggers@google.com 2021-12-20T04:17:20+00:00 d0b9e2c995beb13c70a1549923df482ff773f09b Forbid 'fscrypt setup' on filesystems that aren't expected to support encryption (other than the root filesystem), and skip looking for fscrypt metadata directories on such filesystems. This has two benefits. First, it avoids the printing of annoying warnings like: pam_fscrypt[75038]: stat /run/user/0/.fscrypt: permission denied pam_fscrypt[75038]: stat /run/user/0/.fscrypt/policies: permission denied pam_fscrypt[75038]: stat /run/user/0/.fscrypt/protectors: permission denied pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt: invalid argument pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/policies: invalid argument pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/protectors: invalid argument pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt: permission denied pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/policies: permission denied pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/protectors: permission denied Second, it avoids long delays or side effects on some filesystems. To do this, introduce an allowlist of filesystem types that fscrypt will recognize. I wanted to avoid doing this, since this list will need to be updated in the future, but I don't see a better solution. 
Forbid 'fscrypt setup' on filesystems that aren't expected to support
encryption (other than the root filesystem), and skip looking for
fscrypt metadata directories on such filesystems.  This has two
benefits.  First, it avoids the printing of annoying warnings like:

	pam_fscrypt[75038]: stat /run/user/0/.fscrypt: permission denied
	pam_fscrypt[75038]: stat /run/user/0/.fscrypt/policies: permission denied
	pam_fscrypt[75038]: stat /run/user/0/.fscrypt/protectors: permission denied
	pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt: invalid argument
	pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/policies: invalid argument
	pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/protectors: invalid argument
	pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt: permission denied
	pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/policies: permission denied
	pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/protectors: permission denied

Second, it avoids long delays or side effects on some filesystems.

To do this, introduce an allowlist of filesystem types that fscrypt will
recognize.  I wanted to avoid doing this, since this list will need to
be updated in the future, but I don't see a better solution.
filesystem: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 66fb4c557644ba2c37951a7568c06c47a6c718a7 Introduce filesystem.ErrEncryptionNotEnabled and filesystem.ErrEncryptionNotSupported which include the Mount as context, and translate the corresponding metadata/ errors into them. Then make these errors show much better suggestions. Also replace lots of other filesystem/ errors with either custom types or with unnamed one-off errors that include more context. Fix backwards wrapping in lots of cases. Finally, don't include the mountpoint in places where it's not useful, like OS-level errors that already include the path. 
Introduce filesystem.ErrEncryptionNotEnabled and
filesystem.ErrEncryptionNotSupported which include the Mount as context,
and translate the corresponding metadata/ errors into them.  Then make
these errors show much better suggestions.

Also replace lots of other filesystem/ errors with either custom types
or with unnamed one-off errors that include more context.  Fix backwards
wrapping in lots of cases.

Finally, don't include the mountpoint in places where it's not useful,
like OS-level errors that already include the path.
metadata: improve errors 2020-05-09T22:21:31+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:52:07+00:00 fbc161a77962fe64e3caad80efb535d28d8c1f74 ErrBadOwners: Rename to ErrDirectoryNotOwned for clarity, move it from cmd/fscrypt/ to metadata/ where it better belongs, and improve the message. ErrEncrypted: Rename to ErrAlreadyEncrypted for clarity, and include the path. ErrNotEncrypted: Include the path. ErrBadEncryptionOptions: Include the path and bad options. ErrEncryptionNotSupported: ErrEncryptionNotEnabled: Don't wrap with "get encryption policy %s", in preparation for wrapping these with filesystem-level context instead. Also avoid mixing together the error handling for the "get policy" and "set policy" ioctls. Make it very clear how we're handling the errors from each ioctl. 
ErrBadOwners:
	Rename to ErrDirectoryNotOwned for clarity, move it from
	cmd/fscrypt/ to metadata/ where it better belongs, and improve
	the message.

ErrEncrypted:
	Rename to ErrAlreadyEncrypted for clarity, and include the path.

ErrNotEncrypted:
	Include the path.

ErrBadEncryptionOptions:
	Include the path and bad options.

ErrEncryptionNotSupported:
ErrEncryptionNotEnabled:
	Don't wrap with "get encryption policy %s", in preparation for
	wrapping these with filesystem-level context instead.

Also avoid mixing together the error handling for the "get policy" and
"set policy" ioctls.  Make it very clear how we're handling the errors
from each ioctl.
cli-tests: add t_not_supported 2020-05-09T21:04:47+00:00 Eric Biggers ebiggers@google.com 2020-05-09T21:04:47+00:00 c626494e0c687a109e16ee7289a6f215d6a44809 Test that fscrypt fails when the filesystem doesn't support encryption. 
Test that fscrypt fails when the filesystem doesn't support encryption.