diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-05-09 14:52:07 -0700 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2020-05-09 15:21:31 -0700 |
| commit | fb88d74f0335cdf8218bb8dfbaa03f23773318cf (patch) | |
| tree | 423e1d12c13e081ec29a53a0adebd5ff733bc56a /cmd/fscrypt | |
| parent | 9383d4be92981a4c956c775479bb48b7eec9db79 (diff) | |
keyring: improve errors
ErrAccessUserKeyring:
Include the user, and fix the backwards wrapping.
ErrSessionUserKeyring:
Include the user.
ErrKeyAdd:
ErrKeyRemove:
ErrKeySearch:
ErrLinkUserKeyring:
Replace these with one-off unnamed errors because they are
never checked for, and this makes it easier for the callers to
provide better messages, e.g. fixing the backwards wrapping.
Diffstat (limited to 'cmd/fscrypt')
| -rw-r--r-- | cmd/fscrypt/errors.go | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go index f4f3ddb..3f7150b 100644 --- a/cmd/fscrypt/errors.go +++ b/cmd/fscrypt/errors.go @@ -88,6 +88,14 @@ func getErrorSuggestions(err error) string { return fmt.Sprintf("Use %s to specify a protector name.", shortDisplay(nameFlag)) case *actions.ErrNoConfigFile: return `Run "sudo fscrypt setup" to create this file.` + case *keyring.ErrAccessUserKeyring: + return fmt.Sprintf(`You can only use %s to access the user + keyring of another user if you are running as root.`, + shortDisplay(userFlag)) + case *keyring.ErrSessionUserKeyring: + return `This is usually the result of a bad PAM configuration. + Either correct the problem in your PAM stack, enable + pam_keyinit.so, or run "keyctl link @u @s".` } switch errors.Cause(err) { case filesystem.ErrNotSetup: @@ -115,14 +123,6 @@ func getErrorSuggestions(err error) string { return `Directory couldn't be fully locked because other user(s) have unlocked it. If you want to force the directory to be locked, use 'sudo fscrypt lock --all-users DIR'.` - case keyring.ErrSessionUserKeying: - return `This is usually the result of a bad PAM configuration. - Either correct the problem in your PAM stack, enable - pam_keyinit.so, or run "keyctl link @u @s".` - case keyring.ErrAccessUserKeyring: - return fmt.Sprintf(`You can only use %s to access the user - keyring of another user if you are running as root.`, - shortDisplay(userFlag)) case keyring.ErrV2PoliciesUnsupported: return fmt.Sprintf(`v2 encryption policies are only supported by kernel version 5.4 and later. Either use a newer kernel, or change |