git.apps.os.sepia.ceph.com Git - fscrypt.git/commit

author	Eric Biggers <ebiggers@google.com>
	Wed, 18 Mar 2020 04:10:58 +0000 (21:10 -0700)
committer	Eric Biggers <ebiggers@google.com>
	Mon, 23 Mar 2020 20:20:27 +0000 (13:20 -0700)
commit	c123f5a24de5a25185653de8e6f970184fde035d
tree	b61e89c74cc241fb6d5c6255e6063cebfec84614	tree \| snapshot
parent	ec85cc8f987647c2b264c1f95dadda0f71c3d991	commit \| diff

Improve error message when setting v2 policy is unsupported

If trying to encrypt a directory using a v2 policy fails due to the
kernel lacking support for v2 policies, show a better error message.

One way this can happen is if someone runs 'fscrypt setup' with a new
kernel and then downgrades to an old kernel.

Before:

  # echo -n hunter2 | fscrypt encrypt dir --source=custom_passphrase --name=foo --quiet
  [ERROR] fscrypt encrypt: inappropriate ioctl for device: system error: could not add key to the keyring

After:

  # echo -n hunter2 | fscrypt encrypt dir --source=custom_passphrase --name=foo --quiet
  [ERROR] fscrypt encrypt: kernel is too old to support v2 encryption policies

  v2 encryption policies are only supported by kernel version 5.4 and
  later. Either use a newer kernel, or change policy_version to 1 in
  /etc/fscrypt.conf.

cmd/fscrypt/errors.go		diff \| blob \| history
keyring/keyring.go		diff \| blob \| history