From fbc161a77962fe64e3caad80efb535d28d8c1f74 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 9 May 2020 14:52:07 -0700 Subject: metadata: improve errors ErrBadOwners: Rename to ErrDirectoryNotOwned for clarity, move it from cmd/fscrypt/ to metadata/ where it better belongs, and improve the message. ErrEncrypted: Rename to ErrAlreadyEncrypted for clarity, and include the path. ErrNotEncrypted: Include the path. ErrBadEncryptionOptions: Include the path and bad options. ErrEncryptionNotSupported: ErrEncryptionNotEnabled: Don't wrap with "get encryption policy %s", in preparation for wrapping these with filesystem-level context instead. Also avoid mixing together the error handling for the "get policy" and "set policy" ioctls. Make it very clear how we're handling the errors from each ioctl. --- cli-tests/t_encrypt.out | 24 ++++++++++++------------ cli-tests/t_encrypt_custom.out | 4 ++-- cli-tests/t_encrypt_login.out | 8 ++++---- cli-tests/t_encrypt_raw_key.out | 4 ++-- cli-tests/t_not_enabled.out | 9 +++------ cli-tests/t_not_supported.out | 3 +-- cli-tests/t_status.out | 8 ++++---- cli-tests/t_v1_policy_fs_keyring.out | 4 ++-- 8 files changed, 30 insertions(+), 34 deletions(-) (limited to 'cli-tests') diff --git a/cli-tests/t_encrypt.out b/cli-tests/t_encrypt.out index af38299..e3bace0 100644 --- a/cli-tests/t_encrypt.out +++ b/cli-tests/t_encrypt.out @@ -3,8 +3,8 @@ [ERROR] fscrypt encrypt: no such file or directory ext4 filesystem "MNT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted # Try to encrypt a nonempty directory [ERROR] fscrypt encrypt: MNT/dir: not an empty directory 
@@ -14,8 +14,8 @@ in-place. Instead, encrypt an empty directory, copy the files into that encrypted directory, and securely delete the originals with "shred". ext4 filesystem "MNT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted # Encrypt a directory as non-root user ext4 filesystem "MNT" has 1 protector and 1 policy @@ -52,16 +52,16 @@ PROTECTOR LINKED DESCRIPTION desc1 No custom protector "prot" # Try to encrypt an already-encrypted directory -[ERROR] fscrypt encrypt: MNT/dir: file or directory already - encrypted +[ERROR] fscrypt encrypt: file or directory "MNT/dir" is + already encrypted # Try to encrypt another user's directory as a non-root user -[ERROR] fscrypt encrypt: MNT/dir: you do not own this - directory +[ERROR] fscrypt encrypt: cannot encrypt "MNT/dir" because + it's owned by another user (root). -Encryption can only be setup on directories you own, even if you have write -permission for the directory. + Encryption can only be enabled on a directory you own, + even if you have write access to the directory. ext4 filesystem "MNT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted diff --git a/cli-tests/t_encrypt_custom.out b/cli-tests/t_encrypt_custom.out index e7b8656..8dd15e3 100644 --- a/cli-tests/t_encrypt_custom.out +++ b/cli-tests/t_encrypt_custom.out @@ -51,5 +51,5 @@ desc6 No custom protector "prot" Use --name=PROTECTOR_NAME to specify a protector name. ext4 filesystem "MNT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted 
diff --git a/cli-tests/t_encrypt_login.out b/cli-tests/t_encrypt_login.out index 7ee66a2..e8e0e41 100644 --- a/cli-tests/t_encrypt_login.out +++ b/cli-tests/t_encrypt_login.out @@ -139,8 +139,8 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted # Try to use the wrong login passphrase [ERROR] fscrypt encrypt: incorrect login passphrase @@ -148,5 +148,5 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted diff --git a/cli-tests/t_encrypt_raw_key.out b/cli-tests/t_encrypt_raw_key.out index c7c46eb..8765ba2 100644 --- a/cli-tests/t_encrypt_raw_key.out +++ b/cli-tests/t_encrypt_raw_key.out @@ -21,5 +21,5 @@ desc1 No raw key protector "prot" [ERROR] fscrypt encrypt: TMPDIR/raw_key: key file must be 32 bytes ext4 filesystem "MNT" has 0 protectors and 0 policies -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted diff --git a/cli-tests/t_not_enabled.out b/cli-tests/t_not_enabled.out index 7d74bcf..760f9dd 100644 --- a/cli-tests/t_not_enabled.out +++ b/cli-tests/t_not_enabled.out 
@@ -2,24 +2,21 @@ # Disable encryption on DEV # Try to encrypt a directory when encryption is disabled -[ERROR] fscrypt encrypt: get encryption policy MNT/dir: - encryption not enabled +[ERROR] fscrypt encrypt: encryption not enabled Encryption is either disabled in the kernel config, or needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 systems (and the risks of doing so). # Try to unlock a directory when encryption is disabled -[ERROR] fscrypt unlock: get encryption policy MNT/dir: - encryption not enabled +[ERROR] fscrypt unlock: encryption not enabled Encryption is either disabled in the kernel config, or needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 systems (and the risks of doing so). # Try to lock a directory when encryption is disabled -[ERROR] fscrypt lock: get encryption policy MNT/dir: - encryption not enabled +[ERROR] fscrypt lock: encryption not enabled Encryption is either disabled in the kernel config, or needs to be enabled for this filesystem. See the documentation on how to enable encryption on ext4 diff --git a/cli-tests/t_not_supported.out b/cli-tests/t_not_supported.out index 8af840c..dd71599 100644 --- a/cli-tests/t_not_supported.out +++ b/cli-tests/t_not_supported.out @@ -5,7 +5,6 @@ Metadata directories created at "MNT/.fscrypt". # Try to encrypt a directory on tmpfs -[ERROR] fscrypt encrypt: get encryption policy MNT/dir: - encryption not supported +[ERROR] fscrypt encrypt: encryption not supported Encryption for this type of filesystem is not supported on this kernel version. diff --git a/cli-tests/t_status.out b/cli-tests/t_status.out index b036712..08ce3b2 100644 --- a/cli-tests/t_status.out +++ b/cli-tests/t_status.out 
@@ -10,10 +10,10 @@ ext4 filesystem "MNT" has 0 protectors and 0 policies # Get status of unencrypted directory on setup mountpoint -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted # Remove fscrypt metadata from MNT diff --git a/cli-tests/t_v1_policy_fs_keyring.out b/cli-tests/t_v1_policy_fs_keyring.out index ca32ec1..cfc8f7c 100644 --- a/cli-tests/t_v1_policy_fs_keyring.out +++ b/cli-tests/t_v1_policy_fs_keyring.out @@ -10,8 +10,8 @@ Either this command should be run as root, or you should set re-create your encrypted directories using v2 encryption policies rather than v1 (this requires setting '"policy_version": "2"' in the "options" section of /etc/fscrypt.conf). -[ERROR] fscrypt status: get encryption policy MNT/dir: file - or directory not encrypted +[ERROR] fscrypt status: file or directory "MNT/dir" is not + encrypted # Encrypt directory as user with --skip-unlock "MNT/dir" is encrypted with fscrypt. -- cgit v1.2.3
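Review bot: In cli-tests/t_encrypt.out, the "Try to encrypt another user's directory as a non-root user" case only pins the message for an owner whose uid resolves to a name: 'cannot encrypt "MNT/dir" because it's owned by another user (root).' Consider adding a case where the owning uid has no passwd entry, so that the fallback text in the parentheses is also fixed by the expected output and cannot regress to an empty "()" unnoticed.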
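Review bot: In cli-tests/t_not_enabled.out and cli-tests/t_not_supported.out, the new expected lines ('[ERROR] fscrypt encrypt: encryption not enabled', and likewise for unlock, lock and the tmpfs case) no longer name any path or filesystem, while the hint that follows still says "needs to be enabled for this filesystem". The commit message says filesystem-level context will be wrapped in later, but as of this commit the user cannot tell which mount the error refers to. Suggest either landing the filesystem-level wrapping in the same commit or keeping the path in the message until the follow-up, so that every commit in the series produces an actionable error.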
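Review bot: In cli-tests/t_status.out and the other "not encrypted" hunks, the path is now wrapped in double quotes ('file or directory "MNT/dir" is not encrypted'), but every test uses the benign name MNT/dir. Directory names are user-controlled, so it would help to add one case with a name containing a double quote or a control character and confirm the message escapes it rather than only surrounding it with quotes. Otherwise a crafted name can make the error line ambiguous or alter what the terminal displays.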
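Review bot: Across the eight changed files in the cli-tests diffstat, no expected output shows the ErrBadEncryptionOptions message, although the commit message says it now includes the path and the bad options. Since that message changed and no .out file changed with it, no CLI test appears to pin it. Suggest adding a test that triggers it, so the new format (and which option values get echoed back) is covered like the other renamed errors.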