diff options
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/fscrypt/commands.go | 17 | ||||
| -rw-r--r-- | cmd/fscrypt/errors.go | 4 |
2 files changed, 7 insertions, 14 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go index 51cf136..86816ba 100644 --- a/cmd/fscrypt/commands.go +++ b/cmd/fscrypt/commands.go @@ -282,11 +282,7 @@ func encryptPath(path string) (err error) { } }() } - if err = policy.Apply(path); os.IsPermission(errors.Cause(err)) { - // EACCES at this point indicates ownership issues. - err = errors.Wrap(ErrBadOwners, path) - } - if err != nil { + if err = policy.Apply(path); err != nil { return } if recoveryPassphrase != nil { @@ -320,14 +316,15 @@ func checkEncryptable(ctx *actions.Context, path string) error { log.Printf("ensuring %s supports encryption and filesystem is using fscrypt", path) switch _, err := actions.GetPolicyFromPath(ctx, path); errors.Cause(err) { - case metadata.ErrNotEncrypted: - // We are not encrypted. Finally, we check that the filesystem - // supports encryption - return ctx.Mount.CheckSupport() case nil: // We are encrypted - return errors.Wrap(metadata.ErrEncrypted, path) + return &metadata.ErrAlreadyEncrypted{path} default: + if _, ok := err.(*metadata.ErrNotEncrypted); ok { + // We are not encrypted. Finally, we check that the filesystem + // supports encryption + return ctx.Mount.CheckSupport() + } return err } } diff --git a/cmd/fscrypt/errors.go b/cmd/fscrypt/errors.go index 3f7150b..6119862 100644 --- a/cmd/fscrypt/errors.go +++ b/cmd/fscrypt/errors.go @@ -57,7 +57,6 @@ var ( ErrMustBeRoot = errors.New("this command must be run as root") ErrPolicyUnlocked = errors.New("this file or directory is already unlocked") ErrPolicyLocked = errors.New("this file or directory is already locked") - ErrBadOwners = errors.New("you do not own this directory") ErrNotEmptyDir = errors.New("not an empty directory") ErrNotPassphrase = errors.New("protector does not use a passphrase") ErrUnknownUser = errors.New("unknown user") @@ -133,9 +132,6 @@ func getErrorSuggestions(err error) string { return fmt.Sprintf("Use %s to specify a protector.", shortDisplay(protectorFlag)) case ErrSpecifyKeyFile: return fmt.Sprintf("Use %s to specify a key file.", shortDisplay(keyFileFlag)) - case ErrBadOwners: - return `Encryption can only be setup on directories you own, - even if you have write permission for the directory.` case ErrNotEmptyDir: return `Encryption can only be setup on empty directories; files cannot be encrypted in-place. Instead, encrypt an empty |