diff options
| author | Eric Biggers <ebiggers@google.com> | 2023-12-09 14:36:03 -0800 |
|---|---|---|
| committer | Eric Biggers <ebiggers3@gmail.com> | 2023-12-11 19:33:48 -0800 |
| commit | a6c5029cd114cd27cc59024e968feb4765e5323d (patch) | |
| tree | ca36a75d27d3a8cca37c0d1aa5a09df9e88ffc25 /metadata | |
| parent | 6c5fc571ba7b851e7b36b054fd428bf6ad779dcc (diff) | |
Provide better error message when given a locked regular file
Since opening an encrypted regular file that is locked fails with
ENOKEY, getting the encryption policy of such a file is not possible.
As a result, 'fscrypt status' and 'fscrypt lock' fail on such files.
Provide a better error message that tries to explain what is going on.
Resolves https://github.com/google/fscrypt/issues/393
Diffstat (limited to 'metadata')
| -rw-r--r-- | metadata/policy.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/metadata/policy.go b/metadata/policy.go index 7831e53..fe6c38f 100644 --- a/metadata/policy.go +++ b/metadata/policy.go @@ -28,6 +28,7 @@ import ( "os" "os/user" "strconv" + "syscall" "unsafe" "github.com/pkg/errors" @@ -85,6 +86,15 @@ func (err *ErrDirectoryNotOwned) Error() string { write access to the directory.`, err.Path, owner) } +// ErrLockedRegularFile indicates that the path is a locked regular file. +type ErrLockedRegularFile struct { + Path string +} + +func (err *ErrLockedRegularFile) Error() string { + return fmt.Sprintf("cannot operate on locked regular file %q", err.Path) +} + // ErrNotEncrypted indicates that the path is not encrypted. type ErrNotEncrypted struct { Path string @@ -164,6 +174,9 @@ func buildV2PolicyData(policy *unix.FscryptPolicyV2) *PolicyData { func GetPolicy(path string) (*PolicyData, error) { file, err := os.Open(path) if err != nil { + if err.(*os.PathError).Err == syscall.ENOKEY { + return nil, &ErrLockedRegularFile{path} + } return nil, err } defer file.Close() |