Documentation ¶
Index ¶
- func CheckFLockedPID(filepath string) error
- func CopyFile(sourcePath, destPath string, overwrite bool) (bool, error)
- func HaveReadAccessTo(path string) bool
- func MakeFLockedPID(filepath string) (*os.File, error)
- func MoveFile(sourcePath, destPath string, overwrite bool) (bool, error)
- func OpenFileOverridingUmask(name string, flag int, perm os.FileMode) (*os.File, error)
- func SplitFileName(file string) (string, string)
- func UpdateMountInfo() error
- type DeviceNumber
- type ErrAlreadySetup
- type ErrCorruptMetadata
- type ErrFollowLink
- type ErrMakeLink
- type ErrNotAMountpoint
- type ErrNotSetup
- type ErrPolicyNotFound
- type ErrProtectorNotFound
- type Mount
- type PathSorter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CopyFile ¶
In Go, os.Rename() fails with the error "invalid cross-device link" in a Docker container with volumes. MoveFile(source, destination) works for moving a file between folders.
func HaveReadAccessTo ¶
HaveReadAccessTo returns true if the process has read access to a file or directory, without actually opening it.
func MoveFile ¶
In Go, os.Rename() fails with the error "invalid cross-device link" in a Docker container with volumes. MoveFile(source, destination) works for moving a file between folders.
func OpenFileOverridingUmask ¶
OpenFileOverridingUmask calls os.OpenFile but with the umask overridden so that no permission bits are masked out if the file is created.
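The effect of overriding the umask, as an added example that is not this package's own code: it uses only the standard library's syscall.Umask, and the names openOverridingUmask and createdModes are hypothetical. It creates one file through plain os.OpenFile and one with the umask cleared, then reports the permission bits each file received.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sync"
	"syscall"
)

// umaskMu serializes overrides; the umask is process-wide, so files created elsewhere in the window are unmasked too.
var umaskMu sync.Mutex

// openOverridingUmask (hypothetical name) clears the umask around os.OpenFile.
func openOverridingUmask(name string, flag int, perm os.FileMode) (*os.File, error) {
	umaskMu.Lock()
	defer umaskMu.Unlock()
	defer syscall.Umask(syscall.Umask(0)) // set 0 now, restore the old mask on return
	return os.OpenFile(name, flag, perm)
}

// createdModes creates a file each way while the umask is mask and returns the resulting permission bits.
func createdModes(mask int, perm os.FileMode) (plain, overridden os.FileMode, err error) {
	dir, err := os.MkdirTemp("", "umask-demo")
	if err != nil {
		return 0, 0, err
	}
	defer os.RemoveAll(dir)
	defer syscall.Umask(syscall.Umask(mask))
	var modes [2]os.FileMode
	opens := []func(string, int, os.FileMode) (*os.File, error){os.OpenFile, openOverridingUmask}
	for i, open := range opens {
		f, err := open(filepath.Join(dir, fmt.Sprint(i)), os.O_CREATE|os.O_EXCL|os.O_WRONLY, perm)
		if err != nil {
			return 0, 0, err
		}
		info, err := f.Stat()
		f.Close()
		if err != nil {
			return 0, 0, err
		}
		modes[i] = info.Mode().Perm()
	}
	return modes[0], modes[1], nil
}

func main() {
	fmt.Println(createdModes(0o077, 0o664))
}
```

Because no bits are masked out, the perm argument alone decides who can read or write the new file, so callers should pass the narrowest mode that works.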
func SplitFileName ¶
func UpdateMountInfo ¶
func UpdateMountInfo() error
UpdateMountInfo updates the filesystem mountpoint maps with the current state of the filesystem mountpoints. Returns error if the initialization fails.
Types ¶
type DeviceNumber ¶
type DeviceNumber uint64
DeviceNumber represents a combined major:minor device number.
func (DeviceNumber) String ¶
func (num DeviceNumber) String() string
type ErrAlreadySetup ¶
type ErrAlreadySetup struct {
	Mount *Mount
}
ErrAlreadySetup indicates that a filesystem is already set up for fscrypt.
func (*ErrAlreadySetup) Error ¶
func (err *ErrAlreadySetup) Error() string
type ErrCorruptMetadata ¶
ErrCorruptMetadata indicates that an fscrypt metadata file is corrupt.
func (*ErrCorruptMetadata) Error ¶
func (err *ErrCorruptMetadata) Error() string
type ErrFollowLink ¶
ErrFollowLink indicates that a protector link can't be followed.
func (*ErrFollowLink) Error ¶
func (err *ErrFollowLink) Error() string
type ErrMakeLink ¶
ErrMakeLink indicates that a protector link can't be created.
func (*ErrMakeLink) Error ¶
func (err *ErrMakeLink) Error() string
type ErrNotAMountpoint ¶
type ErrNotAMountpoint struct {
	Path string
}
ErrNotAMountpoint indicates that a path is not a mountpoint.
func (*ErrNotAMountpoint) Error ¶
func (err *ErrNotAMountpoint) Error() string
type ErrNotSetup ¶
type ErrNotSetup struct {
	Mount *Mount
}
ErrNotSetup indicates that a filesystem is not set up for fscrypt.
func (*ErrNotSetup) Error ¶
func (err *ErrNotSetup) Error() string
type ErrPolicyNotFound ¶
ErrPolicyNotFound indicates that the policy metadata was not found.
func (*ErrPolicyNotFound) Error ¶
func (err *ErrPolicyNotFound) Error() string
type ErrProtectorNotFound ¶
ErrProtectorNotFound indicates that the protector metadata was not found.
func (*ErrProtectorNotFound) Error ¶
func (err *ErrProtectorNotFound) Error() string
type Mount ¶
type Mount struct {
	Path           string
	FilesystemType string
	Device         string
	DeviceNumber   DeviceNumber
	Subtree        string
	ReadOnly       bool
}
Mount contains information for a specific mounted filesystem.
Path - Absolute path where the directory is mounted
FilesystemType - Type of the mounted filesystem, e.g. "ext4"
Device - Device for filesystem (empty string if we cannot find one)
DeviceNumber - Device number of the filesystem. This is set even if Device isn't, since all filesystems have a device number assigned by the kernel, even pseudo-filesystems.
Subtree - The mounted subtree of the filesystem. This is usually "/", meaning that the entire filesystem is mounted, but it can differ for bind mounts.
ReadOnly - True if this is a read-only mount
In order to use a Mount to store fscrypt metadata, some directories must be set up first. Specifically, the directories created look like:
<mountpoint>
└── .fscrypt
    ├── policies
    └── protectors
These "policies" and "protectors" directories will contain files that are the corresponding metadata structures for policies and protectors. The public interface includes functions for setting up these directories and Adding, Getting, and Removing these files.
There is also the ability to reference another filesystem's metadata. This is used when a Policy on filesystem A is protected with Protector on filesystem B. In this scenario, we store a "link file" in the protectors directory whose contents look like "UUID=3a6d9a76-47f0-4f13-81bf-3332fbe984fb".
We also allow ".fscrypt" to be a symlink which was previously created. This allows login protectors to be created when the root filesystem is read-only, provided that "/.fscrypt" is a symlink pointing to a writable location.
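How the Mount fields listed above map onto a line of Linux's /proc/self/mountinfo, as an added example that is not this package's own code. The Mount type is redeclared locally, the sample lines are constructed, and two simplifications are assumptions: Device is taken from the mount source only when it looks like a path, and octal escapes such as \040 in paths are left undecoded.

```go
package main

import (
	"fmt"
	"strings"
)

// Mount mirrors the documented fields (declared here so the example is self-contained).
type Mount struct {
	Path, FilesystemType, Device, Subtree string
	DeviceNumber                          uint64 // combined major:minor
	ReadOnly                              bool
}

// sample is constructed mountinfo content: a pseudo-filesystem, a root filesystem, a read-only bind mount.
const sample = `25 30 0:23 / /proc rw,nosuid,relatime shared:12 - proc proc rw
30 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
97 30 8:17 /exports/data /srv/data ro,relatime shared:40 master:3 - ext4 /dev/sdb1 rw`

// parseMountInfoLine parses: id parent major:minor root mountpoint options [optional...] - fstype source superopts
func parseMountInfoLine(line string) (*Mount, error) {
	fields := strings.Fields(line)
	sep := 6 // optional fields run from index 6 up to the "-" separator
	for sep < len(fields) && fields[sep] != "-" {
		sep++
	}
	if sep+2 >= len(fields) {
		return nil, fmt.Errorf("malformed mountinfo line: %q", line)
	}
	var major, minor uint64
	if _, err := fmt.Sscanf(fields[2], "%d:%d", &major, &minor); err != nil {
		return nil, fmt.Errorf("bad device number %q: %w", fields[2], err)
	}
	m := &Mount{Path: fields[4], Subtree: fields[3], FilesystemType: fields[sep+1]}
	m.DeviceNumber = (major&0xfff)<<8 | (major&^0xfff)<<32 | minor&0xff | (minor&^0xff)<<12 // glibc makedev layout
	if src := fields[sep+2]; strings.HasPrefix(src, "/") {
		m.Device = src // assumption: only path-like sources count as a device
	}
	for _, opt := range strings.Split(fields[5], ",") {
		m.ReadOnly = m.ReadOnly || opt == "ro"
	}
	return m, nil
}

func main() {
	for _, line := range strings.Split(sample, "\n") {
		fmt.Println(parseMountInfoLine(line))
	}
}
```

The third sample line is a bind mount: its Subtree is "/exports/data" rather than "/", and it is read-only at the mount level even though the filesystem's own options say rw.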
func AllFilesystems ¶
AllFilesystems lists all mounted filesystems ordered by path to their "main" Mount. Use CheckSetup() to see if they are set up for use with fscrypt.
func FindMount ¶
FindMount returns the main Mount object for the filesystem which contains the file at the specified path. An error is returned if the path is invalid or if we cannot load the required mount data. If a mount has been updated since the last call to one of the mount functions, run UpdateMountInfo to see changes.
func GetMount ¶
GetMount is like FindMount, except GetMount also returns an error if the path doesn't name the same file as the filesystem's "main" Mount. For example, if a filesystem is fully mounted at "/mnt" and if "/mnt/a" exists, then FindMount("/mnt/a") will succeed whereas GetMount("/mnt/a") will fail. This is true even if "/mnt/a" is a bind mount of part of the same filesystem.
type PathSorter ¶
type PathSorter []*Mount
PathSorter allows mounts to be sorted by Path.
func (PathSorter) Len ¶
func (p PathSorter) Len() int
func (PathSorter) Less ¶
func (p PathSorter) Less(i, j int) bool
func (PathSorter) Swap ¶
func (p PathSorter) Swap(i, j int)