fscrypt.git/cmd, branch refactor

fscrypt.git/cmd, branch refactor Go tool for managing Linux filesystem encryption https://git.hodgden.net/cgit.cgi/fscrypt.git/atom?h=refactor 2017-10-19T10:54:50Z util: Add CheckIfRoot 2017-10-19T10:54:50Z Joseph Richey joerichey94@gmail.com 2017-10-19T10:37:54Z urn:sha1:3269bc539e52cdced8c03a628e4fdf22942ece4b Replace IsUserRoot with CheckIfRoot. This allows all functions to use the same error handling when a user is not root. util: Add better user lookup functions 2017-10-19T10:34:51Z Joseph Richey joerichey94@gmail.com 2017-10-19T10:15:28Z urn:sha1:b7de8535f899f2b88d61f4f1264fe6a272196536 When looking up users in fscrypt, we often want to proceed even if the requested uid doesn't appear to be a valid user on the system. This mainly occurs when a user is deleted, but they still have a login protector on disk. Thus, GetUser() with a bad uid creates a fake user with a pretty placeholder name. The corresponding call sites of util.EffectiveUser are changed (often simplifying logic). Various documentation is updated and typos are fixed. Makefile and .gitignore cleanup 2017-10-19T10:02:00Z Joseph Richey joerichey94@gmail.com 2017-10-19T10:02:00Z urn:sha1:5f66408c9e2b50756a15fd821fe397a4723da7b6 Our .gitignore file was overly restrictive, fixed to only include the fscrypt binary. Also, our build tags were incorrectly formatted. The tags are removed and the corresponding lint rule is simplified. The build tags will be added back after the refactor. security: Sync filesystem before dropping caches 2017-10-02T23:49:16Z Joe Richey joerichey@google.com joerichey@google.com 2017-10-02T23:49:16Z urn:sha1:c6568945adb69a3b7779c0f9e0e1f427d31209ab security: Add check option to UserKeyringID 2017-09-29T09:52:56Z Joseph Richey joerichey94@gmail.com 2017-09-29T09:52:56Z urn:sha1:4d9372795e7b53d105f69790c1d9deadbff85458 Fixes logging string for policies 2017-09-07T01:16:03Z Joseph Richey joerichey@google.com 2017-09-07T01:16:03Z urn:sha1:a949b13dac670014c37c7181e368b9c0c7a7f0f5 We should always log the descriptor not the entire policy structure. cmd/fscrypt: Add explanations for keyring failures 2017-09-01T07:56:44Z Joseph Richey joerichey94@gmail.com 2017-09-01T07:56:44Z urn:sha1:0dfbbf62fae3d4051dd5f0686835ac393f8a0247 Now the user is persented with help when they try to access a keyring that isn't theirs or try to use fscrypt without a user keyring linked into the session keyring. cmd/fscrypt: Check that keyrings are setup 2017-09-01T07:55:22Z Joseph Richey joerichey94@gmail.com 2017-09-01T07:55:22Z urn:sha1:079ee257d27e28b166965f1fa0136f694598b6c7 Chaning the --user flag to (optionally) check for a proper keyring setup allows us to fail early in cases where we need a working keyring. Fixed linter issues 2017-08-31T18:29:30Z Joe Richey joerichey@google.com 2017-08-31T18:29:30Z urn:sha1:5586bc35fbb33f20c38f52285c19c015b804ea94 cmd/fscrypt: Add --user flag for running as root 2017-08-31T01:16:16Z Joe Richey joerichey@google.com 2017-08-31T01:16:16Z urn:sha1:11b31826334bc3faa4d4c7ee05a3b2996a88c969 The --user flag can now be used to have the targe user (the one whose keyring and password will be used in fscrypt) be different than the calling user. Very usefull for things like sudo fscrypt purge /media/joerichey/usb --user=joerichey which will now have privileges to drop caches, but will properly clear the keys from the user's keyring.