fscrypt.git/cli-tests, branch sshd-bug-workaround Go tool for managing Linux filesystem encryption filesystem: avoid accessing irrelevant filesystems 2021-12-20T16:24:15+00:00 Eric Biggers ebiggers@google.com 2021-12-20T04:17:20+00:00 d0b9e2c995beb13c70a1549923df482ff773f09b Forbid 'fscrypt setup' on filesystems that aren't expected to support encryption (other than the root filesystem), and skip looking for fscrypt metadata directories on such filesystems. This has two benefits. First, it avoids the printing of annoying warnings like: pam_fscrypt[75038]: stat /run/user/0/.fscrypt: permission denied pam_fscrypt[75038]: stat /run/user/0/.fscrypt/policies: permission denied pam_fscrypt[75038]: stat /run/user/0/.fscrypt/protectors: permission denied pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt: invalid argument pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/policies: invalid argument pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/protectors: invalid argument pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt: permission denied pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/policies: permission denied pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/protectors: permission denied Second, it avoids long delays or side effects on some filesystems. To do this, introduce an allowlist of filesystem types that fscrypt will recognize. I wanted to avoid doing this, since this list will need to be updated in the future, but I don't see a better solution. 
Forbid 'fscrypt setup' on filesystems that aren't expected to support
encryption (other than the root filesystem), and skip looking for
fscrypt metadata directories on such filesystems.  This has two
benefits.  First, it avoids the printing of annoying warnings like:

	pam_fscrypt[75038]: stat /run/user/0/.fscrypt: permission denied
	pam_fscrypt[75038]: stat /run/user/0/.fscrypt/policies: permission denied
	pam_fscrypt[75038]: stat /run/user/0/.fscrypt/protectors: permission denied
	pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt: invalid argument
	pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/policies: invalid argument
	pam_fscrypt[75038]: stat /sys/firmware/efi/efivars/.fscrypt/protectors: invalid argument
	pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt: permission denied
	pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/policies: permission denied
	pam_fscrypt[75038]: stat /sys/fs/pstore/.fscrypt/protectors: permission denied

Second, it avoids long delays or side effects on some filesystems.

To do this, introduce an allowlist of filesystem types that fscrypt will
recognize.  I wanted to avoid doing this, since this list will need to
be updated in the future, but I don't see a better solution.
Set owner of login protectors to correct user 2021-12-20T03:44:59+00:00 Eric Biggers ebiggers@google.com 2021-12-20T03:19:25+00:00 4c7c6631cc5a27cc6b4431f5ad3805a2d624c5f5 When the root user creates a login protector for a non-root user, make sure to chown() the protector file to make it owned by the user. Without this, the protector cannot be updated by the user, which causes it to get out of sync if the user changes their login passphrase. Fixes https://github.com/google/fscrypt/issues/319 
When the root user creates a login protector for a non-root user, make
sure to chown() the protector file to make it owned by the user.
Without this, the protector cannot be updated by the user, which causes
it to get out of sync if the user changes their login passphrase.

Fixes https://github.com/google/fscrypt/issues/319
cmd/fscrypt: read key from stdin 2021-11-30T03:35:21+00:00 Dimitry Ishenko dimitry.ishenko@gmail.com 2021-11-30T01:25:56+00:00 38d6cee5930f8109e8ef72a47a8496c875c49280 Fixes #123 
Fixes #123
Adjust recovery passphrase generation 2021-10-05T22:30:30+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:12:39+00:00 7fed63a84963cbd790e86a0e59ff14724bcf33c4 As per the feedback at https://github.com/google/fscrypt/issues/115 where users didn't understand that the recovery passphrase is important, restore the original behavior where recovery passphrase generation happens automatically without a prompt. This applies to the case where 'fscrypt encrypt' is using a login protector on a non-root filesystem. However, leave the --no-recovery option so that the recovery passphrase can still be disabled if the user really wants to. Also, clarify the information provided about the recovery passphrase. Update https://github.com/google/fscrypt/issues/115 
As per the feedback at https://github.com/google/fscrypt/issues/115
where users didn't understand that the recovery passphrase is important,
restore the original behavior where recovery passphrase generation
happens automatically without a prompt.  This applies to the case where
'fscrypt encrypt' is using a login protector on a non-root filesystem.

However, leave the --no-recovery option so that the recovery passphrase
can still be disabled if the user really wants to.  Also, clarify the
information provided about the recovery passphrase.

Update https://github.com/google/fscrypt/issues/115
cli-tests/common.sh: remove argument count checks 2021-09-14T21:48:11+00:00 Eric Biggers ebiggers@google.com 2021-09-14T21:27:59+00:00 1db83610c3361f2663d908ad3b9b96fde48ac225 These confuse the latest version of shellcheck into thinking that functions which take no arguments actually take arguments, which triggers a bunch of warnings like "Use func "$@" if function's $1 should mean script's $1", which causes 'make lint' to fail. These checks aren't too useful, so just remove them. 
These confuse the latest version of shellcheck into thinking that
functions which take no arguments actually take arguments, which
triggers a bunch of warnings like "Use func "$@" if function's $1 should
mean script's $1", which causes 'make lint' to fail.  These checks
aren't too useful, so just remove them.
cli-tests: fix failure with latest bash version 2021-07-16T23:53:11+00:00 Eric Biggers ebiggers@google.com 2021-07-16T22:59:26+00:00 6e38153e0d471ec1fe50fca31c9bb3e847eca8cc 






cli-tests: force processes spawned by 'expect' to have 80 column-output
2020-11-26T09:08:36+00:00

Eric Biggers
ebiggers@google.com

2020-11-21T23:29:26+00:00

7280a5e81ecc1092bcec58e3fb7f494fc6d95dfa

Otherwise the cli tests fail when executed from GitHub Actions.





Otherwise the cli tests fail when executed from GitHub Actions.







cli-tests/common.sh: fix _user_do()
2020-11-08T04:46:57+00:00

Eric Biggers
ebiggers@google.com

2020-11-08T04:30:51+00:00

4d37d7eaedae964cf72e82ec959a2482916faa1b

Apparently, on some distros 'su' doesn't preserve $PATH.  So, manually
export it in the command.  Also, ensure that the shell stays as bash.

This is needed for some of the CLI tests to pass in Travis CI.





Apparently, on some distros 'su' doesn't preserve $PATH.  So, manually
export it in the command.  Also, ensure that the shell stays as bash.

This is needed for some of the CLI tests to pass in Travis CI.







cmd/fscrypt: adjust status message for v1-encrypted dirs
2020-06-13T17:06:15+00:00

Eric Biggers
ebiggers@google.com

2020-06-13T17:06:15+00:00

5c1f617c647eb0e9af5ce57758fa58f7e3f4db83

When 'fscrypt status DIR' detects that a v1-encrypted directory is still
usable but its key seems to be absent, it shows the status as
"Unlocked: Partially (incompletely locked)".  But actually it can also
be the case that the directory is unlocked by another user.  Adjust the
status message accordingly.

This commit also fixes cli-tests/t_v1_policy.





When 'fscrypt status DIR' detects that a v1-encrypted directory is still
usable but its key seems to be absent, it shows the status as
"Unlocked: Partially (incompletely locked)".  But actually it can also
be the case that the directory is unlocked by another user.  Adjust the
status message accordingly.

This commit also fixes cli-tests/t_v1_policy.







cli-tests/t_v1_policy: clean up user keyrings at end of test
2020-06-13T17:06:15+00:00

Eric Biggers
ebiggers@google.com

2020-06-13T17:06:15+00:00

c39fc85f8045bb24f773a3eb5dee7738cdc4339f

The test user's user keyring is still linked into root's user keyring at
the end of the test.  This is making the test flaky, as there is a
failure that only occurs the first time it is run.  Fix the test to
restore the initial state.  This makes it consistently fail (to be fixed
by the next commit).





The test user's user keyring is still linked into root's user keyring at
the end of the test.  This is making the test flaky, as there is a
failure that only occurs the first time it is run.  Fix the test to
restore the initial state.  This makes it consistently fail (to be fixed
by the next commit).