filesystem: allow .fscrypt to be a symlink

Support the case where the user has a read-only root filesystem (e.g.
with OSTree) and had previously created a symlink /.fscrypt pointing to
a writable location, so that login protectors can be created there.

Resolves https://github.com/google/fscrypt/issues/131

1 files changed, 16 insertions, 0 deletions

diff --git a/filesystem/path.go b/filesystem/path.go
index 5fd3fdf..b65bcb9 100644
--- a/filesystem/path.go
+++ b/filesystem/path.go
@@ -56,6 +56,16 @@ func loggedStat(name string) (os.FileInfo, error) {
 	return info, err
 }
 
+// loggedLstat runs os.Lstat (doesn't dereference trailing symlink), but it logs
+// the error if lstat returns any error other than nil or IsNotExist.
+func loggedLstat(name string) (os.FileInfo, error) {
+	info, err := os.Lstat(name)
+	if err != nil && !os.IsNotExist(err) {
+		log.Print(err)
+	}
+	return info, err
+}
+
 // isDir returns true if the path exists and is that of a directory.
 func isDir(path string) bool {
 	info, err := loggedStat(path)
@@ -68,6 +78,12 @@ func isDevice(path string) bool {
 	return err == nil && info.Mode()&os.ModeDevice != 0
 }
 
+// isSymlink returns true if the path exists and is that of a symlink.
+func isSymlink(path string) bool {
+	info, err := loggedLstat(path)
+	return err == nil && info.Mode()&os.ModeSymlink != 0
+}
+
 // isDirCheckPerm returns true if the path exists and is a directory. If the
 // specified permissions and sticky bit of mode do not match the path, an error
 // is logged.