Provide better error message when given a locked regular file

Since opening an encrypted regular file that is locked fails with ENOKEY, getting the encryption policy of such a file is not possible. As a result, 'fscrypt status' and 'fscrypt lock' fail on such files. Provide a better error message that tries to explain what is going on. Resolves https://github.com/google/fscrypt/issues/393
author: Eric Biggers <ebiggers@google.com> 2023-12-09 14:36:03 -0800
committer: Eric Biggers <ebiggers3@gmail.com> 2023-12-11 19:33:48 -0800
commit: a6c5029cd114cd27cc59024e968feb4765e5323d (patch)
tree: ca36a75d27d3a8cca37c0d1aa5a09df9e88ffc25 /cmd/fscrypt/errors.go
parent: 6c5fc571ba7b851e7b36b054fd428bf6ad779dcc (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index 1ccf544..c4814f4 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -251,6 +251,11 @@ func getErrorSuggestions(err error) string {
 		return `This is usually the result of a bad PAM configuration.
 			Either correct the problem in your PAM stack, enable
 			pam_keyinit.so, or run "keyctl link @u @s".`
+	case *metadata.ErrLockedRegularFile:
+		return `It is not possible to operate directly on a locked
+			regular file, since the kernel does not support this.
+			Specify the parent directory instead. (For loose files,
+			any directory with the file's policy works.)`
 	}
 	switch errors.Cause(err) {
 	case crypto.ErrMlockUlimit:
author	Eric Biggers <ebiggers@google.com>	2023-12-09 14:36:03 -0800
committer	Eric Biggers <ebiggers3@gmail.com>	2023-12-11 19:33:48 -0800
commit	a6c5029cd114cd27cc59024e968feb4765e5323d (patch)
tree	ca36a75d27d3a8cca37c0d1aa5a09df9e88ffc25 /cmd/fscrypt/errors.go
parent	6c5fc571ba7b851e7b36b054fd428bf6ad779dcc (diff)