Merge pull request #332 from ebiggers/skip-irrelevant-filesystems

filesystem: avoid accessing irrelevant filesystems

4 files changed, 52 insertions, 7 deletions

diff --git a/cli-tests/t_not_supported.out b/cli-tests/t_not_supported.out
index ecee56a..68e0897 100644
--- a/cli-tests/t_not_supported.out
+++ b/cli-tests/t_not_supported.out
@@ -1,8 +1,8 @@
 
 # Mount tmpfs
 
-# Create fscrypt metadata on tmpfs
-Metadata directories created at "MNT/.fscrypt".
+# Try to create fscrypt metadata on tmpfs
+[ERROR] fscrypt setup: filesystem type tmpfs is not supported for fscrypt setup
 
 # Try to encrypt a directory on tmpfs
 [ERROR] fscrypt encrypt: This kernel doesn't support encryption on tmpfs
diff --git a/cli-tests/t_not_supported.sh b/cli-tests/t_not_supported.sh
index 53a096a..9ff90e1 100755
--- a/cli-tests/t_not_supported.sh
+++ b/cli-tests/t_not_supported.sh
@@ -9,8 +9,8 @@ _print_header "Mount tmpfs"
 umount "$MNT"
 mount tmpfs -t tmpfs -o size=128m "$MNT"
 
-_print_header "Create fscrypt metadata on tmpfs"
-fscrypt setup "$MNT"
+_print_header "Try to create fscrypt metadata on tmpfs"
+_expect_failure "fscrypt setup '$MNT'"
 
 _print_header "Try to encrypt a directory on tmpfs"
 mkdir "$MNT/dir"
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 456a4fc..0b30452 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -112,6 +112,17 @@ func (err *ErrNotSetup) Error() string {
 	return fmt.Sprintf("filesystem %s is not setup for use with fscrypt", err.Mount.Path)
 }
 
+// ErrSetupNotSupported indicates that the given filesystem type is not
+// supported for fscrypt setup.
+type ErrSetupNotSupported struct {
+	Mount *Mount
+}
+
+func (err *ErrSetupNotSupported) Error() string {
+	return fmt.Sprintf("filesystem type %s is not supported for fscrypt setup",
+		err.Mount.FilesystemType)
+}
+
 // ErrPolicyNotFound indicates that the policy metadata was not found.
 type ErrPolicyNotFound struct {
 	Descriptor string
@@ -299,15 +310,46 @@ func (m *Mount) EncryptionSupportError(err error) error {
 	return err
 }
 
-// CheckSupport returns an error if this filesystem does not support filesystem
-// encryption.
+// isFscryptSetupAllowed decides whether the given filesystem is allowed to be
+// set up for fscrypt, without actually accessing it.  This basically checks
+// whether the filesystem type is one of the types that supports encryption, or
+// at least is in some stage of planning for encrption support in the future.
+//
+// We need this list so that we can skip filesystems that are irrelevant for
+// fscrypt without having to look for the fscrypt metadata directories on them,
+// which can trigger errors, long delays, or side effects on some filesystems.
+//
+// Unfortunately, this means that if a completely new filesystem adds encryption
+// support, then it will need to be manually added to this list.  But it seems
+// to be a worthwhile tradeoff to avoid the above issues.
+func (m *Mount) isFscryptSetupAllowed() bool {
+	if m.Path == "/" {
+		// The root filesystem is always allowed, since it's where login
+		// protectors are stored.
+		return true
+	}
+	switch m.FilesystemType {
+	case "ext4", "f2fs", "ubifs", "btrfs", "ceph", "xfs":
+		return true
+	default:
+		return false
+	}
+}
+
+// CheckSupport returns an error if this filesystem does not support encryption.
 func (m *Mount) CheckSupport() error {
+	if !m.isFscryptSetupAllowed() {
+		return &ErrEncryptionNotSupported{m}
+	}
 	return m.EncryptionSupportError(metadata.CheckSupport(m.Path))
 }
 
 // CheckSetup returns an error if all the fscrypt metadata directories do not
 // exist. Will log any unexpected errors or incorrect permissions.
 func (m *Mount) CheckSetup() error {
+	if !m.isFscryptSetupAllowed() {
+		return &ErrNotSetup{m}
+	}
 	// Run all the checks so we will always get all the warnings
 	baseGood := isDirCheckPerm(m.BaseDir(), basePermissions)
 	policyGood := isDirCheckPerm(m.PolicyDir(), dirPermissions)
@@ -345,6 +387,9 @@ func (m *Mount) Setup() error {
 	if m.CheckSetup() == nil {
 		return &ErrAlreadySetup{m}
 	}
+	if !m.isFscryptSetupAllowed() {
+		return &ErrSetupNotSupported{m}
+	}
 	// We build the directories under a temp Mount and then move into place.
 	temp, err := m.tempMount()
 	if err != nil {
diff --git a/filesystem/filesystem_test.go b/filesystem/filesystem_test.go
index 9b534bd..92726b2 100644
--- a/filesystem/filesystem_test.go
+++ b/filesystem/filesystem_test.go
@@ -324,7 +324,7 @@ func getTwoSetupMounts(t *testing.T) (realMnt, fakeMnt *Mount, err error) {
 	if err = os.MkdirAll(fakeMountpoint, basePermissions); err != nil {
 		return
 	}
-	fakeMnt = &Mount{Path: fakeMountpoint}
+	fakeMnt = &Mount{Path: fakeMountpoint, FilesystemType: realMnt.FilesystemType}
 	err = fakeMnt.Setup()
 	return
 }