diff options
Diffstat (limited to 'internal/fusefrontend')
-rw-r--r-- | internal/fusefrontend/args.go | 9 | ||||
-rw-r--r-- | internal/fusefrontend/fs.go | 8 | ||||
-rw-r--r-- | internal/fusefrontend/xattr.go | 2 |
3 files changed, 13 insertions, 6 deletions
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go index 5fb72cd..e767f28 100644 --- a/internal/fusefrontend/args.go +++ b/internal/fusefrontend/args.go @@ -30,6 +30,13 @@ type Args struct { SerializeReads bool // Force decode even if integrity check fails (openSSL only) ForceDecode bool - // Exclude is a list of paths to make inaccessible + // Exclude is a list of paths to make inaccessible, starting match at + // the filesystem root Exclude []string + // ExcludeWildcards is a list of paths to make inaccessible, matched + // anywhere, and supporting wildcards + ExcludeWildcard []string + // ExcludeFrom is a list of files from which to read exclusion patterns + // (with wildcard syntax) + ExcludeFrom []string } diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go index ff628e5..2c40942 100644 --- a/internal/fusefrontend/fs.go +++ b/internal/fusefrontend/fs.go @@ -35,7 +35,7 @@ type FS struct { // states dirIVLock sync.RWMutex // Filename encryption helper - nameTransform *nametransform.NameTransform + nameTransform nametransform.NameTransformer // Content encryption helper contentEnc *contentenc.ContentEnc // This lock is used by openWriteOnlyFile() to block concurrent opens while @@ -62,7 +62,7 @@ type FS struct { //var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented. // NewFS returns a new encrypted FUSE overlay filesystem. -func NewFS(args Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *FS { +func NewFS(args Args, c *contentenc.ContentEnc, n nametransform.NameTransformer) *FS { if args.SerializeReads { serialize_reads.InitSerializer() } @@ -399,7 +399,7 @@ func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) { if cData64 == "" { return "", nil } - cData, err := fs.nameTransform.B64.DecodeString(cData64) + cData, err := fs.nameTransform.B64DecodeString(cData64) if err != nil { return "", err } @@ -472,7 +472,7 @@ func (fs *FS) encryptSymlinkTarget(data string) (cData64 string) { return "" } cData := fs.contentEnc.EncryptBlock([]byte(data), 0, nil) - cData64 = fs.nameTransform.B64.EncodeToString(cData) + cData64 = fs.nameTransform.B64EncodeToString(cData) return cData64 } diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go index 1de9cac..20e8db7 100644 --- a/internal/fusefrontend/xattr.go +++ b/internal/fusefrontend/xattr.go @@ -150,7 +150,7 @@ func (fs *FS) decryptXattrValue(cData []byte) (data []byte, err error) { } // This backward compatibility is needed to support old // file systems having xattr values base64-encoded. - cData, err2 := fs.nameTransform.B64.DecodeString(string(cData)) + cData, err2 := fs.nameTransform.B64DecodeString(string(cData)) if err2 != nil { // Looks like the value was not base64-encoded, but just corrupt. // Return the original decryption error: err1 |