cephfs: upgrade fscrypt version to fix concurrency issue

In older versions of fscrypt there is a race condition when multiple encrypted cephfs instances are deployed simultaneously. Signed-off-by: NymanRobin <robin.nyman@est.tech>
2025-06-13 10:33:35 +00:00 · 2024-05-08 12:58:38 +03:00
parent 55bc4b406f
commit 3073409695
13 changed files with 101 additions and 54 deletions
--- a/vendor/github.com/google/fscrypt/filesystem/filesystem.go
+++ b/vendor/github.com/google/fscrypt/filesystem/filesystem.go
@ -21,15 +21,15 @@

 // Package filesystem deals with the structure of the files on disk used to
 // store the metadata for fscrypt. Specifically, this package includes:
-//	- mountpoint management (mountpoint.go)
-//		- querying existing mounted filesystems
-//		- getting filesystems from a UUID
-//		- finding the filesystem for a specific path
-//	- metadata organization (filesystem.go)
-//		- setting up a mounted filesystem for use with fscrypt
-//		- adding/querying/deleting metadata
-//		- making links to other filesystems' metadata
-//		- following links to get data from other filesystems
+//  1. mountpoint management (mountpoint.go)
+//     - querying existing mounted filesystems
+//     - getting filesystems from a UUID
+//     - finding the filesystem for a specific path
+//  2. metadata organization (filesystem.go)
+//     - setting up a mounted filesystem for use with fscrypt
+//     - adding/querying/deleting metadata
+//     - making links to other filesystems' metadata
+//     - following links to get data from other filesystems
 package filesystem

 import (
@ -195,6 +195,7 @@ func (err *ErrProtectorNotFound) Error() string {
 var SortDescriptorsByLastMtime = false

 // Mount contains information for a specific mounted filesystem.
+//
 //	Path           - Absolute path where the directory is mounted
 //	FilesystemType - Type of the mounted filesystem, e.g. "ext4"
 //	Device         - Device for filesystem (empty string if we cannot find one)
@ -210,8 +211,9 @@ var SortDescriptorsByLastMtime = false
 // setup first. Specifically, the directories created look like:
 // <mountpoint>
 // └── .fscrypt
-//     ├── policies
-//     └── protectors
+//
+//	├── policies
+//	└── protectors
 //
 // These "policies" and "protectors" directories will contain files that are
 // the corresponding metadata structures for policies and protectors. The public
@ -723,13 +725,13 @@ func (m *Mount) addMetadata(path string, md metadata.Metadata, owner *user.User)
 // considering that it could be a malicious file created to cause a
 // denial-of-service.  Specifically, the following checks are done:
 //
-// - It must be a regular file, not another type of file like a symlink or FIFO.
-//   (Symlinks aren't bad by themselves, but given that a malicious user could
-//   point one to absolutely anywhere, and there is no known use case for the
-//   metadata files themselves being symlinks, it seems best to disallow them.)
-// - It must have a reasonable size (<= maxMetadataFileSize).
-// - If trustedUser is non-nil, then the file must be owned by the given user
-//   or by root.
+//   - It must be a regular file, not another type of file like a symlink or FIFO.
+//     (Symlinks aren't bad by themselves, but given that a malicious user could
+//     point one to absolutely anywhere, and there is no known use case for the
+//     metadata files themselves being symlinks, it seems best to disallow them.)
+//   - It must have a reasonable size (<= maxMetadataFileSize).
+//   - If trustedUser is non-nil, then the file must be owned by the given user
+//     or by root.
 //
 // Take care to avoid TOCTOU (time-of-check-time-of-use) bugs when doing these
 // tests.  Notably, we must open the file before checking the file type, as the
--- a/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
+++ b/vendor/github.com/google/fscrypt/filesystem/mountpoint.go
@ -106,6 +106,7 @@ func getDeviceName(num DeviceNumber) string {
 // Parse one line of /proc/self/mountinfo.
 //
 // The line contains the following space-separated fields:
+//
 //	[0] mount ID
 //	[1] parent ID
 //	[2] major:minor
@ -184,11 +185,11 @@ func addUncontainedSubtreesRecursive(dst map[string]bool,
 // preferably a read-write mount.  However, that doesn't work in containers
 // where the "/" subtree might not be mounted.  Here's a real-world example:
 //
-//              mnt.Subtree               mnt.Path
-//              -----------               --------
-//              /var/lib/lxc/base/rootfs  /
-//              /var/cache/pacman/pkg     /var/cache/pacman/pkg
-//              /srv/repo/x86_64          /srv/http/x86_64
+//	mnt.Subtree               mnt.Path
+//	-----------               --------
+//	/var/lib/lxc/base/rootfs  /
+//	/var/cache/pacman/pkg     /var/cache/pacman/pkg
+//	/srv/repo/x86_64          /srv/http/x86_64
 //
 // In this case, all mnt.Subtree are independent.  To handle this case, we must
 // choose the Mount whose mnt.Path contains the others, i.e. the first one.
@ -199,10 +200,10 @@ func addUncontainedSubtreesRecursive(dst map[string]bool,
 // needed to correctly handle bind mounts.  For example, in the following case,
 // the first Mount should be chosen:
 //
-//              mnt.Subtree               mnt.Path
-//              -----------               --------
-//              /foo                      /foo
-//              /foo/dir                  /dir
+//	mnt.Subtree               mnt.Path
+//	-----------               --------
+//	/foo                      /foo
+//	/foo/dir                  /dir
 //
 // To solve this, we divide the mounts into non-overlapping trees of mnt.Path.
 // Then, we choose one of these trees which contains (exactly or via path