mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 10:33:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

cephfs: upgrade fscrypt version to fix concurrency issue

Browse Source 
In older versions of fscrypt there is a race condition
when multiple encrypted cephfs instances are deployed
simultaneously.

Signed-off-by: NymanRobin <robin.nyman@est.tech>
This commit is contained in:
NymanRobin
2024-05-08 12:58:38 +03:00
committed by mergify[bot]
parent 55bc4b406f
commit 3073409695
13 changed files with 101 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
vendor/github.com/google/fscrypt/metadata/config.go generated vendored
View File

@ -21,9 +21,9 @@
// Package metadata contains all of the on disk structures.
// These structures are defined in metadata.proto. The package also
// contains functions for manipulating these structures, specifically:
// * Reading and Writing the Config file to disk
// * Getting and Setting Policies for directories
// * Reasonable defaults for a Policy's EncryptionOptions
// - Reading and Writing the Config file to disk
// - Getting and Setting Policies for directories
// - Reasonable defaults for a Policy's EncryptionOptions
package metadata
import (

2
vendor/github.com/google/fscrypt/metadata/metadata.pb.go generated vendored
View File

@ -23,7 +23,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.0
// protoc-gen-go v1.33.0
// protoc v3.6.1
// source: metadata/metadata.proto

13
vendor/github.com/google/fscrypt/metadata/policy.go generated vendored
View File

@ -28,6 +28,7 @@ import (
"os"
"os/user"
"strconv"
"syscall"
"unsafe"
"github.com/pkg/errors"
@ -85,6 +86,15 @@ func (err *ErrDirectoryNotOwned) Error() string {
write access to the directory.`, err.Path, owner)
}
// ErrLockedRegularFile indicates that the path is a locked regular file.
type ErrLockedRegularFile struct {
Path string
}
func (err *ErrLockedRegularFile) Error() string {
return fmt.Sprintf("cannot operate on locked regular file %q", err.Path)
}
// ErrNotEncrypted indicates that the path is not encrypted.
type ErrNotEncrypted struct {
Path string
@ -164,6 +174,9 @@ func buildV2PolicyData(policy *unix.FscryptPolicyV2) *PolicyData {
func GetPolicy(path string) (*PolicyData, error) {
file, err := os.Open(path)
if err != nil {
if err.(*os.PathError).Err == syscall.ENOKEY {
return nil, &ErrLockedRegularFile{path}
}
return nil, err
}
defer file.Close()