cmd/fscrypt: Check support before encrypting

Almost all actions only need to to check that the fscrypt metadata exists (this is handled by the Mount methods). Only "fscrypt encrypt" need to be sure the filesystem also supports encryption, so this check is added.
author: Joe Richey joerichey@google.com <joerichey@google.com> 2017-07-17 13:19:43 -0700
committer: Joe Richey joerichey@google.com <joerichey@google.com> 2017-07-17 13:19:43 -0700
commit: d0efe1f27b4229011292c076b923db985bcb6de4 (patch)
tree: c291d59960f989ee78e1347e3e9eff66d1a073b0 /cmd
parent: 8136a700fa6c3efb7a469e45d846e9db4ec9b4e2 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index 2049b57..4f53fe2 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -198,11 +198,12 @@ func checkEncryptable(ctx *actions.Context, path string) error {
 		return errors.Wrap(ErrNotEmptyDir, path)
 	}
 
-	log.Printf("ensuring %s is not encrypted and filesystem is using fscrypt", path)
+	log.Printf("ensuring %s supports encryption and filesystem is using fscrypt", path)
 	switch _, err := actions.GetPolicyFromPath(ctx, path); errors.Cause(err) {
 	case metadata.ErrNotEncrypted:
-		// We are not encrypted
-		return nil
+		// We are not encrypted. Finally, we check that the filesystem
+		// supports encryption
+		return ctx.Mount.CheckSupport()
 	case nil:
 		// We are encrypted
 		return errors.Wrap(metadata.ErrEncrypted, path)
author	Joe Richey joerichey@google.com <joerichey@google.com>	2017-07-17 13:19:43 -0700
committer	Joe Richey joerichey@google.com <joerichey@google.com>	2017-07-17 13:19:43 -0700
commit	d0efe1f27b4229011292c076b923db985bcb6de4 (patch)
tree	c291d59960f989ee78e1347e3e9eff66d1a073b0 /cmd
parent	8136a700fa6c3efb7a469e45d846e9db4ec9b4e2 (diff)