From 5c1f617c647eb0e9af5ce57758fa58f7e3f4db83 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Sat, 13 Jun 2020 10:06:15 -0700
Subject: cmd/fscrypt: adjust status message for v1-encrypted dirs

When 'fscrypt status DIR' detects that a v1-encrypted directory is still usable but its key seems to be absent, it shows the status as "Unlocked: Partially (incompletely locked)". But actually it can also be the case that the directory is unlocked by another user. Adjust the status message accordingly. This commit also fixes cli-tests/t_v1_policy.
---
 cmd/fscrypt/status.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'cmd')

diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go
index 02fdc74..255bb2b 100644
--- a/cmd/fscrypt/status.go
+++ b/cmd/fscrypt/status.go
@@ -68,13 +68,12 @@ func policyUnlockedStatus(policy *actions.Policy, path string) string {
 status := policy.GetProvisioningStatus()
 // Due to a limitation in the old kernel API for fscrypt, for v1
- // policies using the user keyring that are incompletely locked we'll
- // get KeyAbsent, not KeyAbsentButFilesBusy as expected. If we have a
- // directory path, use a heuristic to try to detect whether it is still
- // usable and thus the policy is actually incompletely locked.
+ // policies using the user keyring that are incompletely locked or are
+ // unlocked by another user, we'll get KeyAbsent. If we have a
+ // directory path, use a heuristic to try to detect these cases.
 if status == keyring.KeyAbsent && policy.NeedsUserKeyring() && path != "" && isDirUnlockedHeuristic(path) {
- status = keyring.KeyAbsentButFilesBusy
+ return "Partially (incompletely locked, or unlocked by another user)"
 }
 switch status {
-- cgit v1.2.3
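Review bot: The rewritten comment above the `if` covers only the case where the heuristic fires. When `path` is empty, or `isDirUnlockedHeuristic` returns false, `status` stays `keyring.KeyAbsent` and falls through to the `switch`, so a v1 policy that another user has unlocked can presumably still be displayed as locked. Since operators read this field to confirm that data is inaccessible, I would extend the comment with `// A negative result is not proof: with no path, or if the heuristic misses, KeyAbsent is reported unchanged.` The new early `return` also places a user-facing string outside the `switch` that maps the other statuses, so a short comment on why this case is not expressed as a `keyring` status would help the next reader. The body of `policyUnlockedStatus` continues past the end of the hunk, so the `switch` arms are not visible here.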