diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 14:52:07 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-05-09 15:21:31 -0700 |
| commit | 181600d6327ed34a3f62eda0dd03a6d2ae49e5f9 (patch) | |
| tree | dda5a65b2d8c157e03d3d35f3442547dafd51e4c /cli-tests/t_lock.out | |
| parent | 197eb371697aff066947372d10732387454fd88a (diff) | |
cmd/fscrypt: improve errors
In checkEncryptable(), check whether the directory is already encrypted
before checking whether it's empty.
Also improve the error message for when a directory is nonempty.
Finally, translate keyring.ErrKeyAddedByOtherUsers and
keyring.ErrKeyFilesOpen into errors which include the directory.
Diffstat (limited to 'cli-tests/t_lock.out')
| -rw-r--r-- | cli-tests/t_lock.out | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/cli-tests/t_lock.out b/cli-tests/t_lock.out index c0f9279..b8c8dcb 100644 --- a/cli-tests/t_lock.out +++ b/cli-tests/t_lock.out @@ -33,11 +33,16 @@ desc2 No custom protector "prot" contents # Try to lock directory while files busy -[ERROR] fscrypt lock: some files using the key are still open +[ERROR] fscrypt lock: Directory was incompletely locked because some files are + still open. These files remain accessible. -Directory was incompletely locked because some files are still open. These files -remain accessible. Try killing any processes using files in the directory, then -re-running 'fscrypt lock'. +Try killing any processes using files in the directory, for example using: + + find "MNT/dir" -print0 | xargs -0 fuser -k + +Then re-run: + + fscrypt lock "MNT/dir" # => status should be incompletely locked "MNT/dir" is encrypted with fscrypt. @@ -72,11 +77,12 @@ mkdir: cannot create directory 'MNT/dir/subdir': Required key not available # Try to lock directory while other user has unlocked Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use. -[ERROR] fscrypt lock: other users have added the key too +[ERROR] fscrypt lock: Directory "MNT/dir" couldn't be fully + locked because other user(s) have unlocked it. + +If you want to force the directory to be locked, use: -Directory couldn't be fully locked because other user(s) have unlocked it. If -you want to force the directory to be locked, use 'sudo fscrypt lock --all-users -DIR'. + sudo fscrypt lock --all-users "MNT/dir" contents "MNT/dir" is now locked. cat: MNT/dir/file: No such file or directory |