metadata: improve errors

ErrBadOwners: Rename to ErrDirectoryNotOwned for clarity, move it from cmd/fscrypt/ to metadata/ where it better belongs, and improve the message. ErrEncrypted: Rename to ErrAlreadyEncrypted for clarity, and include the path. ErrNotEncrypted: Include the path. ErrBadEncryptionOptions: Include the path and bad options. ErrEncryptionNotSupported: ErrEncryptionNotEnabled: Don't wrap with "get encryption policy %s", in preparation for wrapping these with filesystem-level context instead. Also avoid mixing together the error handling for the "get policy" and "set policy" ioctls. Make it very clear how we're handling the errors from each ioctl.
author: Eric Biggers <ebiggers@google.com> 2020-05-09 14:52:07 -0700
committer: Eric Biggers <ebiggers@google.com> 2020-05-09 15:21:31 -0700
commit: fbc161a77962fe64e3caad80efb535d28d8c1f74 (patch)
tree: 9d716a4df35668a6fbd3c5b3665294309679cfc0 /cli-tests
parent: fb88d74f0335cdf8218bb8dfbaa03f23773318cf (diff)
8 files changed, 30 insertions, 34 deletions
diff --git a/cli-tests/t_encrypt.out b/cli-tests/t_encrypt.out
index af38299..e3bace0 100644
--- a/cli-tests/t_encrypt.out
+++ b/cli-tests/t_encrypt.out
@@ -3,8 +3,8 @@
 [ERROR] fscrypt encrypt: no such file or directory
 ext4 filesystem "MNT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
 
 # Try to encrypt a nonempty directory
 [ERROR] fscrypt encrypt: MNT/dir: not an empty directory
@@ -14,8 +14,8 @@ in-place. Instead, encrypt an empty directory, copy the files into that
 encrypted directory, and securely delete the originals with "shred".
 ext4 filesystem "MNT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
 
 # Encrypt a directory as non-root user
 ext4 filesystem "MNT" has 1 protector and 1 policy
@@ -52,16 +52,16 @@ PROTECTOR         LINKED  DESCRIPTION
 desc1  No      custom protector "prot"
 
 # Try to encrypt an already-encrypted directory
-[ERROR] fscrypt encrypt: MNT/dir: file or directory already
-                         encrypted
+[ERROR] fscrypt encrypt: file or directory "MNT/dir" is
+                         already encrypted
 
 # Try to encrypt another user's directory as a non-root user
-[ERROR] fscrypt encrypt: MNT/dir: you do not own this
-                         directory
+[ERROR] fscrypt encrypt: cannot encrypt "MNT/dir" because
+                         it's owned by another user (root).
 
-Encryption can only be setup on directories you own, even if you have write
-permission for the directory.
+                         Encryption can only be enabled on a directory you own,
+                         even if you have write access to the directory.
 ext4 filesystem "MNT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
diff --git a/cli-tests/t_encrypt_custom.out b/cli-tests/t_encrypt_custom.out
index e7b8656..8dd15e3 100644
--- a/cli-tests/t_encrypt_custom.out
+++ b/cli-tests/t_encrypt_custom.out
@@ -51,5 +51,5 @@ desc6  No      custom protector "prot"
 Use --name=PROTECTOR_NAME to specify a protector name.
 ext4 filesystem "MNT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
diff --git a/cli-tests/t_encrypt_login.out b/cli-tests/t_encrypt_login.out
index 7ee66a2..e8e0e41 100644
--- a/cli-tests/t_encrypt_login.out
+++ b/cli-tests/t_encrypt_login.out
@@ -139,8 +139,8 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies
 
 ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
 
 # Try to use the wrong login passphrase
 [ERROR] fscrypt encrypt: incorrect login passphrase
@@ -148,5 +148,5 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies
 
 ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
diff --git a/cli-tests/t_encrypt_raw_key.out b/cli-tests/t_encrypt_raw_key.out
index c7c46eb..8765ba2 100644
--- a/cli-tests/t_encrypt_raw_key.out
+++ b/cli-tests/t_encrypt_raw_key.out
@@ -21,5 +21,5 @@ desc1  No      raw key protector "prot"
 [ERROR] fscrypt encrypt: TMPDIR/raw_key: key file must be 32 bytes
 ext4 filesystem "MNT" has 0 protectors and 0 policies
 
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out
index 7d74bcf..760f9dd 100644
--- a/cli-tests/t_not_enabled.out
+++ b/cli-tests/t_not_enabled.out
@@ -2,24 +2,21 @@
 # Disable encryption on DEV
 
 # Try to encrypt a directory when encryption is disabled
-[ERROR] fscrypt encrypt: get encryption policy MNT/dir:
-                         encryption not enabled
+[ERROR] fscrypt encrypt: encryption not enabled
 
 Encryption is either disabled in the kernel config, or needs to be enabled for
 this filesystem. See the documentation on how to enable encryption on ext4
 systems (and the risks of doing so).
 
 # Try to unlock a directory when encryption is disabled
-[ERROR] fscrypt unlock: get encryption policy MNT/dir:
-                        encryption not enabled
+[ERROR] fscrypt unlock: encryption not enabled
 
 Encryption is either disabled in the kernel config, or needs to be enabled for
 this filesystem. See the documentation on how to enable encryption on ext4
 systems (and the risks of doing so).
 
 # Try to lock a directory when encryption is disabled
-[ERROR] fscrypt lock: get encryption policy MNT/dir:
-                      encryption not enabled
+[ERROR] fscrypt lock: encryption not enabled
 
 Encryption is either disabled in the kernel config, or needs to be enabled for
 this filesystem. See the documentation on how to enable encryption on ext4
diff --git a/cli-tests/t_not_supported.out b/cli-tests/t_not_supported.out
index 8af840c..dd71599 100644
--- a/cli-tests/t_not_supported.out
+++ b/cli-tests/t_not_supported.out
@@ -5,7 +5,6 @@
 Metadata directories created at "MNT/.fscrypt".
 
 # Try to encrypt a directory on tmpfs
-[ERROR] fscrypt encrypt: get encryption policy MNT/dir:
-                         encryption not supported
+[ERROR] fscrypt encrypt: encryption not supported
 
 Encryption for this type of filesystem is not supported on this kernel version.
diff --git a/cli-tests/t_status.out b/cli-tests/t_status.out
index b036712..08ce3b2 100644
--- a/cli-tests/t_status.out
+++ b/cli-tests/t_status.out
@@ -10,10 +10,10 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies
 
 
 # Get status of unencrypted directory on setup mountpoint
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
 
 # Remove fscrypt metadata from MNT
 
diff --git a/cli-tests/t_v1_policy_fs_keyring.out b/cli-tests/t_v1_policy_fs_keyring.out
index ca32ec1..cfc8f7c 100644
--- a/cli-tests/t_v1_policy_fs_keyring.out
+++ b/cli-tests/t_v1_policy_fs_keyring.out
@@ -10,8 +10,8 @@ Either this command should be run as root, or you should set
 re-create your encrypted directories using v2 encryption policies rather than v1
 (this requires setting '"policy_version": "2"' in the "options" section of
 /etc/fscrypt.conf).
-[ERROR] fscrypt status: get encryption policy MNT/dir: file
-                        or directory not encrypted
+[ERROR] fscrypt status: file or directory "MNT/dir" is not
+                        encrypted
 
 # Encrypt directory as user with --skip-unlock
 "MNT/dir" is encrypted with fscrypt.
author	Eric Biggers <ebiggers@google.com>	2020-05-09 14:52:07 -0700
committer	Eric Biggers <ebiggers@google.com>	2020-05-09 15:21:31 -0700
commit	fbc161a77962fe64e3caad80efb535d28d8c1f74 (patch)
tree	9d716a4df35668a6fbd3c5b3665294309679cfc0 /cli-tests
parent	fb88d74f0335cdf8218bb8dfbaa03f23773318cf (diff)