From 434ce50db38e78f7e2a67af07cb92d8829fdfdf6 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Thu, 6 Oct 2016 22:41:13 +0200 Subject: [PATCH] main: add "-nonempty" option --- Documentation/MANPAGE.md | 4 ++++ cli_args.go | 3 ++- main.go | 9 ++++++++- tests/normal/cli_test.go | 22 ++++++++++++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index a9b84dd..9847811 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -79,6 +79,10 @@ anybody on the machine who can execute "ps -auxwww". : Write memory profile to specified file. This is useful when debugging memory usage of gocryptfs. +**-nonempty** +: Allow mounting over non-empty directories. FUSE by default disallows +this because to prevent accidential shadowing of files. + **-nosyslog** : Diagnostic messages are normally redirected to syslog once gocryptfs daemonizes. This option disables the redirection and messages will diff --git a/cli_args.go b/cli_args.go index 69178d2..dd570d3 100644 --- a/cli_args.go +++ b/cli_args.go @@ -14,7 +14,7 @@ import ( type argContainer struct { debug, init, zerokey, fusedebug, openssl, passwd, foreground, version, plaintextnames, quiet, nosyslog, wpanic, - longnames, allow_other, ro, reverse, aessiv bool + longnames, allow_other, ro, reverse, aessiv, nonempty bool masterkey, mountpoint, cipherdir, cpuprofile, extpass, memprofile, o string // Configuration file name override @@ -52,6 +52,7 @@ func parseCliOpts() (args argContainer) { flagSet.BoolVar(&args.ro, "ro", false, "Mount the filesystem read-only") flagSet.BoolVar(&args.reverse, "reverse", false, "Reverse mode") flagSet.BoolVar(&args.aessiv, "aessiv", false, "AES-SIV encryption") + flagSet.BoolVar(&args.nonempty, "nonempty", false, "Allow mounting over non-empty directories") flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key") flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file") flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file") diff --git a/main.go b/main.go index e5b2366..c71e289 100644 --- a/main.go +++ b/main.go @@ -236,7 +236,11 @@ func main() { tlog.Fatal.Printf("Invalid mountpoint: %v", err) os.Exit(ErrExitMountPoint) } - err = checkDirEmpty(args.mountpoint) + if args.nonempty { + err = checkDir(args.mountpoint) + } else { + err = checkDirEmpty(args.mountpoint) + } if err != nil { tlog.Fatal.Printf("Invalid mountpoint: %v", err) os.Exit(ErrExitMountPoint) @@ -348,6 +352,9 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi // Make the kernel check the file permissions for us mOpts.Options = append(mOpts.Options, "default_permissions") } + if args.nonempty { + mOpts.Options = append(mOpts.Options, "nonempty") + } // Set values shown in "df -T" and friends // First column, "Filesystem" mOpts.Options = append(mOpts.Options, "fsname="+args.cipherdir) diff --git a/tests/normal/cli_test.go b/tests/normal/cli_test.go index f0e160d..6691822 100644 --- a/tests/normal/cli_test.go +++ b/tests/normal/cli_test.go @@ -3,6 +3,7 @@ package normal // Test CLI operations like "-init", "-password" etc import ( + "io/ioutil" "os" "os/exec" "testing" @@ -146,3 +147,24 @@ func TestRo(t *testing.T) { t.Errorf("Create should have failed") } } + +// Test "-nonempty" +func TestNonempty(t *testing.T) { + dir := test_helpers.InitFS(t) + mnt := dir + ".mnt" + err := os.Mkdir(mnt, 0700) + if err != nil { + t.Fatal(err) + } + err = ioutil.WriteFile(mnt+"/somefile", []byte("xyz"), 0600) + if err != nil { + t.Fatal(err) + } + err = test_helpers.Mount(dir, mnt, false, "-extpass=echo test") + if err == nil { + t.Errorf("Mounting over a file should fail per default") + } + // Should work with "-nonempty" + test_helpers.MountOrFatal(t, dir, mnt, "-nonempty", "-extpass=echo test") + test_helpers.UnmountPanic(mnt) +}