git.apps.os.sepia.ceph.com Git - fscrypt.git/commit
Make all new metadata files owned by user when needed
author Eric Biggers <ebiggers@google.com>
Wed, 23 Feb 2022 20:35:04 +0000 (12:35 -0800)
committer Eric Biggers <ebiggers@google.com>
Wed, 23 Feb 2022 20:35:04 +0000 (12:35 -0800)
commit d4ce0b892cbe68db9f90f4015342e6a9069b079c
tree 9934a74b71590b5e4bcd0067391ffe3ec602a77a
parent 85a747493ff368a72f511619ecd391016ecb933c
Make all new metadata files owned by user when needed

Since commit 4c7c6631cc5a ("Set owner of login protectors to correct
user"), login protectors are made owned by the user when root creates
one on a user's behalf.  That's good, but the same isn't true of other
files that get created at the same time:

- The policy protecting the directory
- The protector link file, if the policy is on a different filesystem
- The recovery protector, if the policy is on a different filesystem
- The recovery instructions file

In preparation for setting all metadata files to mode 0600, start making
all these files owned by the user in this scenario as well.

actions/policy.go
actions/policy_test.go
actions/protector.go
actions/protector_test.go
actions/recovery.go
cli-tests/t_encrypt_login.out
cli-tests/t_encrypt_login.sh
cmd/fscrypt/protector.go
filesystem/filesystem.go
filesystem/filesystem_test.go
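
The scenario in the commit message, root creating a metadata file on a user's behalf, shown as an added Go example; this is not fscrypt's code. The names `writeOwnedFile` and `ownerOf` are hypothetical, the sample path is constructed, and the code assumes a Unix system (it uses `syscall.Stat_t`).

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// writeOwnedFile (hypothetical helper) writes data to a private temp file,
// hands it to uid/gid when the caller is a different user (root acting on a
// user's behalf), and only then renames it to its final name.
func writeOwnedFile(path string, data []byte, uid, gid int) error {
	// CreateTemp opens with O_EXCL and mode 0600, so nothing is pre-planted.
	tmp, err := os.CreateTemp(filepath.Dir(path), ".tmp-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly after a successful rename
	defer tmp.Close()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	// A new file belongs to the effective uid; chown only when needed.
	// Chown on the open descriptor cannot be redirected by a swapped symlink.
	if os.Geteuid() != uid {
		if err = tmp.Chown(uid, gid); err != nil {
			return err
		}
	}
	return os.Rename(tmp.Name(), path)
}

// ownerOf returns the uid owning path (symlinks not followed), or -1.
func ownerOf(path string) int {
	if info, err := os.Lstat(path); err == nil {
		return int(info.Sys().(*syscall.Stat_t).Uid)
	}
	return -1
}

func main() {
	dir, _ := os.MkdirTemp("", "meta")
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "policy") // constructed sample path
	err := writeOwnedFile(p, []byte("sample"), os.Geteuid(), os.Getegid())
	fmt.Println(err, ownerOf(p))
}
```

Run as root with another user's uid and gid, the file appears under its final name already owned by that user; a failed chown leaves no file behind.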