diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-06-13 10:06:15 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-06-13 10:06:15 -0700 |
| commit | 5c1f617c647eb0e9af5ce57758fa58f7e3f4db83 (patch) | |
| tree | acaae325e95953d077e551a10f66169c573653ec /cmd/fscrypt | |
| parent | c39fc85f8045bb24f773a3eb5dee7738cdc4339f (diff) | |
cmd/fscrypt: adjust status message for v1-encrypted dirs
When 'fscrypt status DIR' detects that a v1-encrypted directory is still
usable but its key seems to be absent, it shows the status as
"Unlocked: Partially (incompletely locked)". But actually it can also
be the case that the directory is unlocked by another user. Adjust the
status message accordingly.
This commit also fixes cli-tests/t_v1_policy.
Diffstat (limited to 'cmd/fscrypt')
| -rw-r--r-- | cmd/fscrypt/status.go | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go index 02fdc74..255bb2b 100644 --- a/cmd/fscrypt/status.go +++ b/cmd/fscrypt/status.go @@ -68,13 +68,12 @@ func policyUnlockedStatus(policy *actions.Policy, path string) string { status := policy.GetProvisioningStatus() // Due to a limitation in the old kernel API for fscrypt, for v1 - // policies using the user keyring that are incompletely locked we'll - // get KeyAbsent, not KeyAbsentButFilesBusy as expected. If we have a - // directory path, use a heuristic to try to detect whether it is still - // usable and thus the policy is actually incompletely locked. + // policies using the user keyring that are incompletely locked or are + // unlocked by another user, we'll get KeyAbsent. If we have a + // directory path, use a heuristic to try to detect these cases. if status == keyring.KeyAbsent && policy.NeedsUserKeyring() && path != "" && isDirUnlockedHeuristic(path) { - status = keyring.KeyAbsentButFilesBusy + return "Partially (incompletely locked, or unlocked by another user)" } switch status { |