From d0efe1f27b4229011292c076b923db985bcb6de4 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Mon, 17 Jul 2017 13:19:43 -0700
Subject: cmd/fscrypt: Check support before encrypting

Almost all actions only need to to check that the fscrypt metadata exists (this is handled by the Mount methods). Only "fscrypt encrypt" need to be sure the filesystem also supports encryption, so this check is added.
---
 cmd/fscrypt/commands.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'cmd/fscrypt')
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index 2049b57..4f53fe2 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -198,11 +198,12 @@ func checkEncryptable(ctx *actions.Context, path string) error {
 return errors.Wrap(ErrNotEmptyDir, path)
 }
- log.Printf("ensuring %s is not encrypted and filesystem is using fscrypt", path)
+ log.Printf("ensuring %s supports encryption and filesystem is using fscrypt", path)
 switch _, err := actions.GetPolicyFromPath(ctx, path); errors.Cause(err) {
 case metadata.ErrNotEncrypted:
- // We are not encrypted
- return nil
+ // We are not encrypted. Finally, we check that the filesystem
+ // supports encryption
+ return ctx.Mount.CheckSupport()
 case nil:
 // We are encrypted
 return errors.Wrap(metadata.ErrEncrypted, path)
-- 
cgit v1.2.3
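Review bot: In the `metadata.ErrNotEncrypted` branch the result of `ctx.Mount.CheckSupport()` is returned bare, while the sibling branches visible in this hunk attach the directory with `errors.Wrap(..., path)`, so a user whose filesystem lacks encryption support may get an error that does not name the path they tried to encrypt. Assuming `errors` here is pkg/errors (the hunk uses `errors.Cause`), whose `Wrap` returns nil for a nil error, this can be `return errors.Wrap(ctx.Mount.CheckSupport(), path)`; confirm first that CheckSupport does not already put the mount path in its message. The reworded log line also no longer mentions the already-encrypted check that `case nil` still performs; something like `log.Printf("ensuring %s is not encrypted, supports encryption, and filesystem is using fscrypt", path)` would keep the debug log accurate. checkEncryptable starts before the hunk and the switch continues after it, so any remaining cases are not visible here.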