| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 14:52:07 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-05-09 15:21:31 -0700 |
| commit | fbc161a77962fe64e3caad80efb535d28d8c1f74 (patch) | |
| tree | 9d716a4df35668a6fbd3c5b3665294309679cfc0 /cmd/fscrypt | |
| parent | fb88d74f0335cdf8218bb8dfbaa03f23773318cf (diff) | |
metadata: improve errors
ErrBadOwners:
Rename to ErrDirectoryNotOwned for clarity, move it from
cmd/fscrypt/ to metadata/ where it better belongs, and improve
the message.
ErrEncrypted:
Rename to ErrAlreadyEncrypted for clarity, and include the path.
ErrNotEncrypted:
Include the path.
ErrBadEncryptionOptions:
Include the path and bad options.
ErrEncryptionNotSupported:
ErrEncryptionNotEnabled:
Don't wrap with "get encryption policy %s", in preparation for
wrapping these with filesystem-level context instead.
Also avoid mixing together the error handling for the "get policy" and
"set policy" ioctls. Make it very clear how we're handling the errors
from each ioctl.
Diffstat (limited to 'cmd/fscrypt')
| -rw-r--r-- | cmd/fscrypt/commands.go | 17 | ||||
| -rw-r--r-- | cmd/fscrypt/errors.go | 4 |
2 files changed, 7 insertions, 14 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index 51cf136..86816ba 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -282,11 +282,7 @@ func encryptPath(path string) (err error) {
 }
 }()
 }
- if err = policy.Apply(path); os.IsPermission(errors.Cause(err)) {
- // EACCES at this point indicates ownership issues.
- err = errors.Wrap(ErrBadOwners, path)
- }
- if err != nil {
+ if err = policy.Apply(path); err != nil {
 return
 }
 if recoveryPassphrase != nil {
@@ -320,14 +316,15 @@ func checkEncryptable(ctx *actions.Context, path string) error {
 log.Printf("ensuring %s supports encryption and filesystem is using fscrypt", path)
 switch _, err := actions.GetPolicyFromPath(ctx, path); errors.Cause(err) {
- case metadata.ErrNotEncrypted:
- // We are not encrypted. Finally, we check that the filesystem
- // supports encryption
- return ctx.Mount.CheckSupport()
 case nil:
 // We are encrypted
- return errors.Wrap(metadata.ErrEncrypted, path)
+ return &metadata.ErrAlreadyEncrypted{path}
 default:
+ if _, ok := err.(*metadata.ErrNotEncrypted); ok {
+ // We are not encrypted. Finally, we check that the filesystem
+ // supports encryption
+ return ctx.Mount.CheckSupport()
+ }
 return err
 }
 }
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index 3f7150b..6119862 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -57,7 +57,6 @@ var (
 ErrMustBeRoot = errors.New("this command must be run as root")
 ErrPolicyUnlocked = errors.New("this file or directory is already unlocked")
 ErrPolicyLocked = errors.New("this file or directory is already locked")
- ErrBadOwners = errors.New("you do not own this directory")
 ErrNotEmptyDir = errors.New("not an empty directory")
 ErrNotPassphrase = errors.New("protector does not use a passphrase")
 ErrUnknownUser = errors.New("unknown user")
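Review bot: The simplified call `if err = policy.Apply(path); err != nil` in encryptPath no longer says what a permission failure means, and the code that now produces the ownership error is not on this page (the diffstat is limited to cmd/fscrypt). The commit message says the EACCES mapping moved to metadata/ as ErrDirectoryNotOwned, so a short comment above the call, for example `// policy.Apply reports a directory the caller does not own as metadata.ErrDirectoryNotOwned`, would keep that contract visible here. The errors.go hunk at -133,9 also drops the "directories you own, even if you have write permission" suggestion, so it is worth confirming the new error's message still conveys that write permission alone is not sufficient. encryptPath's body starts and ends outside the hunk.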
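Review bot: In checkEncryptable the switch matches on `errors.Cause(err)`, but the new type assertion in the `default` branch inspects `err` itself, so a `*metadata.ErrNotEncrypted` that arrives wrapped would miss the assertion and be returned as a failure instead of continuing to `ctx.Mount.CheckSupport()`. Whether actions.GetPolicyFromPath wraps it is not visible here; asserting on the cause removes that dependency: `if _, ok := errors.Cause(err).(*metadata.ErrNotEncrypted); ok {`. The failure mode is safe, since encryption is refused rather than wrongly applied, but it would block setup on every unencrypted directory. Separately, `&metadata.ErrAlreadyEncrypted{path}` is an unkeyed literal of a struct from another package, which `go vet` flags; a keyed field would keep it correct if the struct later gains fields.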
@@ -133,9 +132,6 @@ func getErrorSuggestions(err error) string { return fmt.Sprintf("Use %s to specify a protector.", shortDisplay(protectorFlag)) case ErrSpecifyKeyFile: return fmt.Sprintf("Use %s to specify a key file.", shortDisplay(keyFileFlag)) - case ErrBadOwners: - return `Encryption can only be setup on directories you own, - even if you have write permission for the directory.` case ErrNotEmptyDir: return `Encryption can only be setup on empty directories; files cannot be encrypted in-place. Instead, encrypt an empty |