fscrypt: fix metadata directory permissions

Call Mount.Setup with the SingleUserWritable constant instead of 0o755.
The 0o755 value is silently ignored and causes the
/.fscrypt/{policy,protector}/ directories to have mode 000.

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Marcel Lauhoff 2022-09-07 17:32:10 +02:00 committed by mergify[bot]
parent 4e38bdac10
commit f1f50e0218


@ -379,7 +379,7 @@ func Unlock(
// 1. Do we have a metadata directory (.fscrypt) set up? // 1. Do we have a metadata directory (.fscrypt) set up?
metadataDirExists := false metadataDirExists := false
if err = fscryptContext.Mount.Setup(0o755); err != nil { if err = fscryptContext.Mount.Setup(fscryptfilesystem.SingleUserWritable); err != nil {
alreadySetupErr := &fscryptfilesystem.ErrAlreadySetup{} alreadySetupErr := &fscryptfilesystem.ErrAlreadySetup{}
if errors.As(err, &alreadySetupErr) { if errors.As(err, &alreadySetupErr) {
log.DebugLog(ctx, "fscrypt: metadata directory in %q already set up", alreadySetupErr.Mount.Path) log.DebugLog(ctx, "fscrypt: metadata directory in %q already set up", alreadySetupErr.Mount.Path)