From fbc161a77962fe64e3caad80efb535d28d8c1f74 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 9 May 2020 14:52:07 -0700 Subject: metadata: improve errors ErrBadOwners: Rename to ErrDirectoryNotOwned for clarity, move it from cmd/fscrypt/ to metadata/ where it better belongs, and improve the message. ErrEncrypted: Rename to ErrAlreadyEncrypted for clarity, and include the path. ErrNotEncrypted: Include the path. ErrBadEncryptionOptions: Include the path and bad options. ErrEncryptionNotSupported: ErrEncryptionNotEnabled: Don't wrap with "get encryption policy %s", in preparation for wrapping these with filesystem-level context instead. Also avoid mixing together the error handling for the "get policy" and "set policy" ioctls. Make it very clear how we're handling the errors from each ioctl. --- cli-tests/t_not_enabled.out | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'cli-tests/t_not_enabled.out') diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out index 7d74bcf..760f9dd 100644 --- a/cli-tests/t_not_enabled.out +++ b/cli-tests/t_not_enabled.out @@ -2,24 +2,21 @@ # Disable encryption on DEV # Try to encrypt a directory when encryption is disabled -[ERROR] fscrypt encrypt: get encryption policy MNT/dir: - encryption not enabled +[ERROR] fscrypt encrypt: encryption not enabled Encryption is either disabled in the kernel config, or needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 systems (and the risks of doing so). # Try to unlock a directory when encryption is disabled -[ERROR] fscrypt unlock: get encryption policy MNT/dir: - encryption not enabled +[ERROR] fscrypt unlock: encryption not enabled Encryption is either disabled in the kernel config, or needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 systems (and the risks of doing so). # Try to lock a directory when encryption is disabled -[ERROR] fscrypt lock: get encryption policy MNT/dir: - encryption not enabled +[ERROR] fscrypt lock: encryption not enabled Encryption is either disabled in the kernel config, or needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 -- cgit v1.2.3 From 66fb4c557644ba2c37951a7568c06c47a6c718a7 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 9 May 2020 14:52:07 -0700 Subject: filesystem: improve errors Introduce filesystem.ErrEncryptionNotEnabled and filesystem.ErrEncryptionNotSupported which include the Mount as context, and translate the corresponding metadata/ errors into them. Then make these errors show much better suggestions. Also replace lots of other filesystem/ errors with either custom types or with unnamed one-off errors that include more context. Fix backwards wrapping in lots of cases. Finally, don't include the mountpoint in places where it's not useful, like OS-level errors that already include the path. --- cli-tests/t_not_enabled.out | 51 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 12 deletions(-) (limited to 'cli-tests/t_not_enabled.out') diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out index 760f9dd..4553891 100644 --- a/cli-tests/t_not_enabled.out +++ b/cli-tests/t_not_enabled.out @@ -2,25 +2,52 @@ # Disable encryption on DEV # Try to encrypt a directory when encryption is disabled -[ERROR] fscrypt encrypt: encryption not enabled +[ERROR] fscrypt encrypt: encryption not enabled on filesystem + MNT (DEV). -Encryption is either disabled in the kernel config, or needs to be enabled for -this filesystem. See the documentation on how to enable encryption on ext4 -systems (and the risks of doing so). +To enable encryption support on this filesystem, run: + + sudo tune2fs -O encrypt "DEV" + +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. # Try to unlock a directory when encryption is disabled -[ERROR] fscrypt unlock: encryption not enabled +[ERROR] fscrypt unlock: encryption not enabled on filesystem + MNT (DEV). + +To enable encryption support on this filesystem, run: -Encryption is either disabled in the kernel config, or needs to be enabled for -this filesystem. See the documentation on how to enable encryption on ext4 -systems (and the risks of doing so). + sudo tune2fs -O encrypt "DEV" + +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. # Try to lock a directory when encryption is disabled -[ERROR] fscrypt lock: encryption not enabled +[ERROR] fscrypt lock: encryption not enabled on filesystem + MNT (DEV). + +To enable encryption support on this filesystem, run: + + sudo tune2fs -O encrypt "DEV" + +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. + +# Check for additional message when GRUB appears to be installed +[ERROR] fscrypt encrypt: encryption not enabled on filesystem + MNT (DEV). + +To enable encryption support on this filesystem, run: + + sudo tune2fs -O encrypt "DEV" + +WARNING: you seem to have GRUB installed on this filesystem. Before doing the +above, make sure you are using GRUB v2.04 or later; otherwise your system will +become unbootable. -Encryption is either disabled in the kernel config, or needs to be enabled for -this filesystem. See the documentation on how to enable encryption on ext4 -systems (and the risks of doing so). +Also ensure that your kernel has CONFIG_FS_ENCRYPTION=y. See the documentation +for more details. # Enable encryption on DEV -- cgit v1.2.3