diff --git a/go.mod b/go.mod
index 12fb2b2e..3a218184 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ replace (
 )
 require (
- github.com/google/fscrypt v0.3.4
+ github.com/google/fscrypt v0.3.5
 github.com/longhorn/go-common-libs v0.0.0-20240319112414-b75404dc7fbc
 github.com/mitchellh/go-ps v1.0.0
 github.com/pkg/errors v0.9.1
diff --git a/go.sum b/go.sum
index ac80591c..8c86eba5 100644
--- a/go.sum
+++ b/go.sum
@@ -23,6 +23,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/fscrypt v0.3.4 h1:XGSVMIsQFooj82aRRfYn3JpgU/4fOTnzXPnjhxC8uH8=
 github.com/google/fscrypt v0.3.4/go.mod h1:BRpw7vaeDitXGRvXa281i/ivQszAdBIiUYDWHjVTkcs=
+github.com/google/fscrypt v0.3.5 h1:RunYtVg2Z79hfh1W1ZP1k7TaSMYkbELUyMMzAmikyTc=
+github.com/google/fscrypt v0.3.5/go.mod h1:HyY8Z/kUPrnIKAwuhjrn2tSTM5/s9zfRRTqRMG0mHks=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
diff --git a/vendor/github.com/google/fscrypt/filesystem/filesystem.go b/vendor/github.com/google/fscrypt/filesystem/filesystem.go
index 0e1f0c82..98294358 100644
--- a/vendor/github.com/google/fscrypt/filesystem/filesystem.go
+++ b/vendor/github.com/google/fscrypt/filesystem/filesystem.go
@@ -21,15 +21,15 @@
 // Package filesystem deals with the structure of the files on disk used to
 // store the metadata for fscrypt. Specifically, this package includes:
-// - mountpoint management (mountpoint.go)
-// - querying existing mounted filesystems
-// - getting filesystems from a UUID
-// - finding the filesystem for a specific path
-// - metadata organization (filesystem.go)
-// - setting up a mounted filesystem for use with fscrypt
-// - adding/querying/deleting metadata
-// - making links to other filesystems' metadata
-// - following links to get data from other filesystems
+// 1. mountpoint management (mountpoint.go)
+// - querying existing mounted filesystems
+// - getting filesystems from a UUID
+// - finding the filesystem for a specific path
+// 2. metadata organization (filesystem.go)
+// - setting up a mounted filesystem for use with fscrypt
+// - adding/querying/deleting metadata
+// - making links to other filesystems' metadata
+// - following links to get data from other filesystems
 package filesystem
 import (
@@ -195,6 +195,7 @@ func (err *ErrProtectorNotFound) Error() string {
 var SortDescriptorsByLastMtime = false
 // Mount contains information for a specific mounted filesystem.
+//
 // Path - Absolute path where the directory is mounted
 // FilesystemType - Type of the mounted filesystem, e.g. "ext4"
 // Device - Device for filesystem (empty string if we cannot find one)
@@ -210,8 +211,9 @@ var SortDescriptorsByLastMtime = false
 // setup first. Specifically, the directories created look like:
 //
 // └── .fscrypt
-// ├── policies
-// └── protectors
+//
+// ├── policies
+// └── protectors
 //
 // These "policies" and "protectors" directories will contain files that are
 // the corresponding metadata structures for policies and protectors. The public
@@ -723,13 +725,13 @@ func (m *Mount) addMetadata(path string, md metadata.Metadata, owner *user.User)
 // considering that it could be a malicious file created to cause a
 // denial-of-service. Specifically, the following checks are done:
 //
-// - It must be a regular file, not another type of file like a symlink or FIFO.
-// (Symlinks aren't bad by themselves, but given that a malicious user could
-// point one to absolutely anywhere, and there is no known use case for the
-// metadata files themselves being symlinks, it seems best to disallow them.)
-// - It must have a reasonable size (<= maxMetadataFileSize).
-// - If trustedUser is non-nil, then the file must be owned by the given user
-// or by root.
+// - It must be a regular file, not another type of file like a symlink or FIFO.
+// (Symlinks aren't bad by themselves, but given that a malicious user could
+// point one to absolutely anywhere, and there is no known use case for the
+// metadata files themselves being symlinks, it seems best to disallow them.)
+// - It must have a reasonable size (<= maxMetadataFileSize).
+// - If trustedUser is non-nil, then the file must be owned by the given user
+// or by root.
 //
 // Take care to avoid TOCTOU (time-of-check-time-of-use) bugs when doing these
 // tests. Notably, we must open the file before checking the file type, as the
diff --git a/vendor/github.com/google/fscrypt/filesystem/mountpoint.go b/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
index 0abae06f..ae432bf1 100644
--- a/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
+++ b/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
@@ -106,6 +106,7 @@ func getDeviceName(num DeviceNumber) string {
 // Parse one line of /proc/self/mountinfo.
 //
 // The line contains the following space-separated fields:
+//
 // [0] mount ID
 // [1] parent ID
 // [2] major:minor
@@ -184,11 +185,11 @@ func addUncontainedSubtreesRecursive(dst map[string]bool,
 // preferably a read-write mount. However, that doesn't work in containers
 // where the "/" subtree might not be mounted. Here's a real-world example:
 //
-// mnt.Subtree mnt.Path
-// ----------- --------
-// /var/lib/lxc/base/rootfs /
-// /var/cache/pacman/pkg /var/cache/pacman/pkg
-// /srv/repo/x86_64 /srv/http/x86_64
+// mnt.Subtree mnt.Path
+// ----------- --------
+// /var/lib/lxc/base/rootfs /
+// /var/cache/pacman/pkg /var/cache/pacman/pkg
+// /srv/repo/x86_64 /srv/http/x86_64
 //
 // In this case, all mnt.Subtree are independent. To handle this case, we must
 // choose the Mount whose mnt.Path contains the others, i.e. the first one.
@@ -199,10 +200,10 @@ func addUncontainedSubtreesRecursive(dst map[string]bool,
 // needed to correctly handle bind mounts. For example, in the following case,
 // the first Mount should be chosen:
 //
-// mnt.Subtree mnt.Path
-// ----------- --------
-// /foo /foo
-// /foo/dir /dir
+// mnt.Subtree mnt.Path
+// ----------- --------
+// /foo /foo
+// /foo/dir /dir
 //
 // To solve this, we divide the mounts into non-overlapping trees of mnt.Path.
 // Then, we choose one of these trees which contains (exactly or via path
diff --git a/vendor/github.com/google/fscrypt/metadata/config.go b/vendor/github.com/google/fscrypt/metadata/config.go
index 1d93d749..65fd7b52 100644
--- a/vendor/github.com/google/fscrypt/metadata/config.go
+++ b/vendor/github.com/google/fscrypt/metadata/config.go
@@ -21,9 +21,9 @@
 // Package metadata contains all of the on disk structures.
 // These structures are defined in metadata.proto. The package also
 // contains functions for manipulating these structures, specifically:
-// * Reading and Writing the Config file to disk
-// * Getting and Setting Policies for directories
-// * Reasonable defaults for a Policy's EncryptionOptions
+// - Reading and Writing the Config file to disk
+// - Getting and Setting Policies for directories
+// - Reasonable defaults for a Policy's EncryptionOptions
 package metadata
 import (
diff --git a/vendor/github.com/google/fscrypt/metadata/metadata.pb.go b/vendor/github.com/google/fscrypt/metadata/metadata.pb.go
index 6a335f94..8f350168 100644
--- a/vendor/github.com/google/fscrypt/metadata/metadata.pb.go
+++ b/vendor/github.com/google/fscrypt/metadata/metadata.pb.go
@@ -23,7 +23,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 +// protoc-gen-go v1.33.0 // protoc v3.6.1 // source: metadata/metadata.proto
diff --git a/vendor/github.com/google/fscrypt/metadata/policy.go b/vendor/github.com/google/fscrypt/metadata/policy.go
index 7831e53a..fe6c38f3 100644
--- a/vendor/github.com/google/fscrypt/metadata/policy.go
+++ b/vendor/github.com/google/fscrypt/metadata/policy.go
@@ -28,6 +28,7 @@ import (
 "os"
 "os/user"
 "strconv"
+ "syscall"
 "unsafe"
 "github.com/pkg/errors"
@@ -85,6 +86,15 @@ func (err *ErrDirectoryNotOwned) Error() string {
 write access to the directory.`, err.Path, owner)
 }
+// ErrLockedRegularFile indicates that the path is a locked regular file.
+type ErrLockedRegularFile struct {
+ Path string
+}
+
+func (err *ErrLockedRegularFile) Error() string {
+ return fmt.Sprintf("cannot operate on locked regular file %q", err.Path)
+}
+
 // ErrNotEncrypted indicates that the path is not encrypted.
 type ErrNotEncrypted struct {
 Path string
@@ -164,6 +174,9 @@ func buildV2PolicyData(policy *unix.FscryptPolicyV2) *PolicyData {
 func GetPolicy(path string) (*PolicyData, error) {
 file, err := os.Open(path)
 if err != nil {
+ if err.(*os.PathError).Err == syscall.ENOKEY {
+ return nil, &ErrLockedRegularFile{path}
+ }
 return nil, err
 }
 defer file.Close()
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 351a782c..99a0e286 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -18,8 +18,8 @@ github.com/go-ole/go-ole/oleutil
 # github.com/golang/protobuf v1.5.4
 ## explicit; go 1.17
 github.com/golang/protobuf/proto
-# github.com/google/fscrypt v0.3.4
-## explicit; go 1.16
+# github.com/google/fscrypt v0.3.5
+## explicit; go 1.18
 github.com/google/fscrypt/filesystem
 github.com/google/fscrypt/metadata
 github.com/google/fscrypt/util