cmd/fscrypt: Add explanations for keyring failures

Now the user is persented with help when they try to access a keyring that isn't theirs or try to use fscrypt without a user keyring linked into the session keyring.
author: Joseph Richey <joerichey94@gmail.com> 2017-09-01 00:56:44 -0700
committer: Joseph Richey <joerichey94@gmail.com> 2017-09-01 00:56:44 -0700
commit: 0dfbbf62fae3d4051dd5f0686835ac393f8a0247 (patch)
tree: 8ff0b3562affc308939788c5e54708e284a014da /cmd
parent: 079ee257d27e28b166965f1fa0136f694598b6c7 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go
index 9731efc..81a6798 100644
--- a/cmd/fscrypt/errors.go
+++ b/cmd/fscrypt/errors.go
@@ -35,6 +35,7 @@ import (
 	"github.com/google/fscrypt/crypto"
 	"github.com/google/fscrypt/filesystem"
 	"github.com/google/fscrypt/metadata"
+	"github.com/google/fscrypt/security"
 	"github.com/google/fscrypt/util"
 )
 
@@ -93,6 +94,14 @@ func getErrorSuggestions(err error) string {
 			needs to be enabled for this filesystem. See the
 			documentation on how to enable encryption on ext4
 			systems (and the risks of doing so).`
+	case security.ErrSessionUserKeying:
+		return `This is usually the result of a bad PAM configuration.
+			Either correct the problem in your PAM stack, enable
+			pam_keyinit.so, or run "keyctl link @u @s".`
+	case security.ErrAccessUserKeyring:
+		return fmt.Sprintf(`You can only use %s to access the user
+			keyring of another user if you are running as root.`,
+			shortDisplay(userFlag))
 	case actions.ErrBadConfigFile:
 		return `Run "sudo fscrypt setup" to recreate the file.`
 	case actions.ErrNoConfigFile:
author	Joseph Richey <joerichey94@gmail.com>	2017-09-01 00:56:44 -0700
committer	Joseph Richey <joerichey94@gmail.com>	2017-09-01 00:56:44 -0700
commit	0dfbbf62fae3d4051dd5f0686835ac393f8a0247 (patch)
tree	8ff0b3562affc308939788c5e54708e284a014da /cmd
parent	079ee257d27e28b166965f1fa0136f694598b6c7 (diff)