Improve error message when setting v2 policy is unsupported

If trying to encrypt a directory using a v2 policy fails due to the
kernel lacking support for v2 policies, show a better error message.

One way this can happen is if someone runs 'fscrypt setup' with a new
kernel and then downgrades to an old kernel.

Before:

  # echo -n hunter2 | fscrypt encrypt dir --source=custom_passphrase --name=foo --quiet
  [ERROR] fscrypt encrypt: inappropriate ioctl for device: system error: could not add key to the keyring

After:

  # echo -n hunter2 | fscrypt encrypt dir --source=custom_passphrase --name=foo --quiet
  [ERROR] fscrypt encrypt: kernel is too old to support v2 encryption policies

  v2 encryption policies are only supported by kernel version 5.4 and
  later. Either use a newer kernel, or change policy_version to 1 in
  /etc/fscrypt.conf.

1 files changed, 4 insertions, 0 deletions

diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index bef6c2a..c242552 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -113,6 +113,10 @@ func getErrorSuggestions(err error) string {
 		return fmt.Sprintf(`You can only use %s to access the user
 			keyring of another user if you are running as root.`,
 			shortDisplay(userFlag))
+	case keyring.ErrV2PoliciesUnsupported:
+		return fmt.Sprintf(`v2 encryption policies are only supported by kernel
+		version 5.4 and later. Either use a newer kernel, or change
+		policy_version to 1 in %s.`, actions.ConfigFileLocation)
 	case actions.ErrBadConfigFile:
 		return `Run "sudo fscrypt setup" to recreate the file.`
 	case actions.ErrNoConfigFile: