diff options
| author | Eric Biggers <ebiggers@google.com> | 2019-10-29 00:33:54 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2019-10-30 09:21:59 -0700 |
| commit | dbafdbaa9b0767f71affaf15fb8c626f64e27122 (patch) | |
| tree | 4a00cc9611161d0157f1932b2339ae89c3eee20b /cmd/fscrypt/fscrypt_test.go | |
| parent | fe58e7236a3285e172733aeab0b136bec968ac4d (diff) | |
filesystem: handle bind mounts properly
Currently, fscrypt treats bind mounts as separate filesystems. This is
broken because fscrypt will look for a directory's encryption policy in
different places depending on which mount it's accessed through. This
forces users to create an fscrypt metadata directory at every bind
mount, and to copy fscrypt metadata around between mounts.
Fix this by storing fscrypt metadata only at the root of the filesystem.
To accomplish this:
- Make mountsByDevice store only a single Mount per filesystem, rather
than multiple. For this Mount, choose a mount of the full filesystem
if available, preferably a read-write mount. If the filesystem has
only bind mounts, store a nil entry in mountsByDevice so we can show a
proper error message later.
- Change FindMount() and GetMount() to look up the Mount by device
number rather than by path, so that they don't return different Mounts
depending on which path is used.
- Change AllFilesystems() to not return bind mounts.
- Due to the above changes, the mountsByPath map is no longer needed
outside of loadMountInfo(). So make it a local variable there.
Resolves https://github.com/google/fscrypt/issues/59
Diffstat (limited to 'cmd/fscrypt/fscrypt_test.go')
0 files changed, 0 insertions, 0 deletions