| Age | Commit message | Author |
|
Add a version of loadMountInfo() that takes an io.Reader parameter to
allow injecting a custom mountinfo file, then add some unit tests.
|
|
Currently, fscrypt treats bind mounts as separate filesystems. This is
broken because fscrypt will look for a directory's encryption policy in
different places depending on which mount it's accessed through. This
forces users to create an fscrypt metadata directory at every bind
mount, and to copy fscrypt metadata around between mounts.

Fix this by storing fscrypt metadata only at the root of the filesystem.
To accomplish this:

- Make mountsByDevice store only a single Mount per filesystem, rather
  than multiple. For this Mount, choose a mount of the full filesystem
  if available, preferably a read-write mount. If the filesystem has
  only bind mounts, store a nil entry in mountsByDevice so we can show a
  proper error message later.
- Change FindMount() and GetMount() to look up the Mount by device
  number rather than by path, so that they don't return different Mounts
  depending on which path is used.
- Change AllFilesystems() to not return bind mounts.
- Due to the above changes, the mountsByPath map is no longer needed
  outside of loadMountInfo(). So make it a local variable there.

Resolves https://github.com/google/fscrypt/issues/59
|
|
The previous patch fixed making linked protectors to /dev/root, by
setting Mount.Device to the real device node rather than /dev/root.
That's good, but it also hints that the linked protector handling is
unnecessarily fragile, as it relies on the device node name matching
exactly. The Linux kernel allows the same device to have multiple
device nodes, and path comparisons are slow and error-prone in general.
Change it to compare the device number instead.
|
|
A root filesystem mounted via the kernel command line always has a
source of "/dev/root", which isn't a real device node. This makes
fscrypt think this filesystem doesn't have a source device, which breaks
creating login passphrase-protected directories on other filesystems:
    fscrypt encrypt: filesystem /: no device for mount "/": system error: cannot create filesystem link
This also makes 'fscrypt status' show a blank source device:
    MOUNTPOINT  DEVICE  FILESYSTEM  ENCRYPTION  FSCRYPT
    /                   ext4        supported   Yes
To fix this case, update loadMountInfo() to map the device number to the
device name via sysfs rather than use the mount source field.
|
|
Add a utility type and functions for handling device numbers.
|
|
The kernel always shows mountpoints as absolute paths without symlinks,
so there's no need to canonicalize them in userspace.
|
|
Change loadMountInfo() to load the mounts directly from
/proc/self/mountinfo, rather than use the mntent.h C library calls.
This is needed for correct handling of bind mounts and of "/dev/root",
since /proc/self/mountinfo has extra fields which show the mounted
subtree and the filesystem's device number. /proc/mounts lacks these
fields, and the C library calls can't provide them.
To start, this patch just switches to using /proc/self/mountinfo,
without doing anything with the extra fields yet.
As a bonus, this eliminates all C code in mountpoint.go.
|
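A Go example added here (not fscrypt's own code) of the rule described in the bind-mount and /proc/self/mountinfo commits above: read the subtree and device-number fields and keep one main Mount per device, preferring a read-write mount of the full filesystem and recording nil when only bind mounts exist. The names Mount and mainMounts and the sample lines are constructed for illustration; paths are assumed to contain no octal escapes.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Mount keeps the mountinfo fields needed to tell a full mount from a bind mount.
type Mount struct {
	Path, Subtree, Device string
	ReadOnly              bool
}

// mainMounts returns one Mount per device number ("major:minor"). The entry is
// nil when the filesystem is reachable only through bind mounts.
func mainMounts(r io.Reader) (map[string]*Mount, error) {
	byDevice := make(map[string]*Mount)
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 10 { // 6 fixed fields, "-", fs type, source, super options
			return nil, fmt.Errorf("malformed mountinfo line: %q", sc.Text())
		}
		m := &Mount{Path: f[4], Subtree: f[3], Device: f[2],
			ReadOnly: strings.Contains(","+f[5]+",", ",ro,")}
		cur := byDevice[m.Device]
		switch {
		case m.Subtree != "/": // bind mount of a subdirectory
			byDevice[m.Device] = cur // records nil if nothing was seen yet
		case cur == nil || (cur.ReadOnly && !m.ReadOnly):
			byDevice[m.Device] = m // first full mount, or a read-write upgrade
		}
	}
	return byDevice, sc.Err()
}

// Constructed sample: 8:1 has full mounts (ro, then rw) and a bind mount;
// 8:17 is visible only through a bind mount of its /data subtree.
const sample = `21 1 8:1 / /mnt/ro ro,relatime shared:1 - ext4 /dev/root ro
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/root rw
23 22 8:1 /home/alice /srv/alice rw,relatime - ext4 /dev/root rw
24 22 8:17 /data /mnt/data rw,relatime - ext4 /dev/sdb1 rw`

func main() {
	mounts, err := mainMounts(strings.NewReader(sample))
	fmt.Printf("8:1 -> %+v, 8:17 -> %+v, err=%v\n", mounts["8:1"], mounts["8:17"], err)
}
```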
|
Make it clearer that this function loads data into global data
structures, and doesn't return anything.
|
|
fscrypt doesn't currently do anything with the mount options, so remove
them from the Mount structure for now.
|
|
Make it clear that this refers to a type of filesystem such as "ext4",
rather than to a specific filesystem instance.
|
|
See: https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
The tool code is never actually built, but the versions are still locked
in `go.mod` and `go.sum`. We can also simplify the Makefile.
|
|
As the Go community transitions to using the modules ecosystem,
we want to only support one way of managing dependencies.
So this change moves to only using Go modules for dependency management.
This means that our effective minimum Go version increases to Go 1.11.
To account for this, we also update:
- the documentation
- Makefile
- CI scripts
|
|
Simple optimization to reduce memory allocations and copying when appending.
|
|
If the user has set a restrictive umask, e.g. 0077, then
/etc/fscrypt.conf would be created without the world-readable bit set.
Fix it by overriding the umask when creating the file.
Resolves https://github.com/google/fscrypt/issues/151
|
|
filesystem: allow .fscrypt to be a symlink
|
|
This makes it easier to understand which code is actually invoked by the
command-line tool.
|
|
Support the case where the user has a read-only root filesystem (e.g.
with OSTree) and had previously created a symlink /.fscrypt pointing to
a writable location, so that login protectors can be created there.
Resolves https://github.com/google/fscrypt/issues/131
|
|
Make the global setup command also create the metadata directory at
/.fscrypt, since that's where login protectors are placed, even when the
actual encrypted directories are on a different filesystem.
Resolves https://github.com/google/fscrypt/issues/129
|
|
Also add go version attribute to go.mod
|
|
Show the encryption options when running 'fscrypt status' on a
directory. E.g.:
    Policy: 490515286453d3f7
    Options: padding:32 contents:Adiantum filenames:Adiantum
    Unlocked: Yes
|
|
* filesystem: ensure data is persisted before returning success

  Sync the temporary file before renaming it, to ensure that after a
  crash, the destination file isn't zero-length or otherwise incomplete.
  Also sync the directory after the rename, to ensure the rename has been
  persisted before returning success.

* filesystem: don't use fixed temporary file name

  Using a fixed temporary file name in a world-writable sticky directory
  is problematic since another user can create the file first.
  Use ioutil.TempFile() to do it properly. It uses O_EXCL under the hood
  to ensure the file is newly created.
|
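A Go example added here (not fscrypt's own code) of the write sequence the two commits above describe: an exclusively created temporary file, fsync of its contents, rename over the destination, then fsync of the directory. The function name writeFileAtomic, the mode parameter and the file names are assumptions; the explicit Chmod is this example's way of getting a fixed mode regardless of umask, not necessarily how fscrypt does it.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeFileAtomic replaces path with data so that a crash leaves either the
// old file or the complete new one, never a zero-length or partial file.
func writeFileAtomic(path string, data []byte, mode os.FileMode) error {
	dir := filepath.Dir(path)
	// os.CreateTemp (successor of ioutil.TempFile) opens a random name with O_EXCL.
	tmp, err := os.CreateTemp(dir, ".tmp-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename has happened
	defer tmp.Close()           // likewise harmless after the explicit Close below
	if err := tmp.Chmod(mode); err != nil { // fchmod is not filtered by the umask
		return err
	}
	if _, err := tmp.Write(data); err != nil {
		return err
	}
	if err := tmp.Sync(); err != nil { // contents durable before they get the name
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	if err := os.Rename(tmp.Name(), path); err != nil {
		return err
	}
	d, err := os.Open(dir)
	if err != nil {
		return err
	}
	defer d.Close()
	return d.Sync() // make the rename itself durable
}

func main() {
	dir, err := os.MkdirTemp("", "atomic-demo") // private scratch directory
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	fmt.Println(writeFileAtomic(filepath.Join(dir, "example.conf"), []byte("{}\n"), 0644))
}
```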
|
These were found by a combination of manual review and a custom script
that checks for common errors.
Also removed an outdated sentence from the comment for setupBefore().
|
|
Add the tags file to .gitignore, for developers using
https://github.com/jstemmer/gotags.
|
|
Fix 'make format'-related CI failure
|
|
This fixes a CI failure, caused by goimports changing how it formats the
imports.
|
|
Due to a goimports update, 'make format' is now changing metadata.pb.go.
But this fix can't be committed because this file is generated by
'make gen'.
Fix this by not formatting generated files.
|
|
Resolves https://github.com/google/fscrypt/issues/124
|
|
Resolves https://github.com/google/fscrypt/issues/117
Resolves https://github.com/google/fscrypt/issues/127
|
|
Resolves https://github.com/google/fscrypt/issues/58
|
|
Resolves https://github.com/google/fscrypt/issues/132
|
|
Fixes CI issues
|
|
Install pam modules/configs to the right location
|
|
Per the FHS, manually installed programs should go under /usr/local.
This change also makes it easier to change the global installation
prefix. For example, package managers should set PREFIX=/usr.
|
|
Add support for the Adiantum encryption mode
|
|
Makefile: migrate from megacheck to staticcheck
|
|
This fixes travis issues as well as moving us off of deprecated tooling
|
|
Add Adiantum support to the fscrypt userspace tool. Supported in the
kernel since v5.0-rc1, Adiantum is a length-preserving encryption mode
based primarily on XChaCha12. It is fast even on CPUs without AES
instructions. Unlike XTS it is also a wide-block encryption mode.
Adiantum is supported for both contents and filenames encryption.
For Adiantum encryption policies, also make the fscrypt tool provide the
new DIRECT_KEY flag, which further improves performance by requesting
that all files be encrypted directly with the policy key. This takes
advantage of Adiantum's support for long tweaks.
See the kernel commit "fscrypt: add Adiantum support"
(https://git.kernel.org/torvalds/c/8094c3ceb21ad938) for more details.
|
|
Makefile: use a specific protoc-gen-go version
|
|
'make gen' no longer works because it uses the git version of
protoc-gen-go, which is no longer compatible with the latest released
version of github.com/golang/protobuf/proto, which we're using. Freeze
the protoc-gen-go version so that it keeps working.
|
|
README: fix "Debain" typo
|
|
feat(spell-check): add make command for spell check.
|
|
* Remove spelling mistakes in the repository
* Add travis script to check for typos.
* Add command to Makefile to check for typos.
* Fixes #71
|
|
Use Go Modules and support Go 1.11 building
|