summaryrefslogtreecommitdiff
path: root/internal/fusefrontend
diff options
context:
space:
mode:
Diffstat (limited to 'internal/fusefrontend')
-rw-r--r--internal/fusefrontend/args.go9
-rw-r--r--internal/fusefrontend/fs.go8
-rw-r--r--internal/fusefrontend/xattr.go2
3 files changed, 13 insertions, 6 deletions
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 5fb72cd..e767f28 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -30,6 +30,13 @@ type Args struct {
SerializeReads bool
// Force decode even if integrity check fails (openSSL only)
ForceDecode bool
- // Exclude is a list of paths to make inaccessible
+ // Exclude is a list of paths to make inaccessible, starting match at
+ // the filesystem root
Exclude []string
+ // ExcludeWildcards is a list of paths to make inaccessible, matched
+ // anywhere, and supporting wildcards
+ ExcludeWildcard []string
+ // ExcludeFrom is a list of files from which to read exclusion patterns
+ // (with wildcard syntax)
+ ExcludeFrom []string
}
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index ff628e5..2c40942 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -35,7 +35,7 @@ type FS struct {
// states
dirIVLock sync.RWMutex
// Filename encryption helper
- nameTransform *nametransform.NameTransform
+ nameTransform nametransform.NameTransformer
// Content encryption helper
contentEnc *contentenc.ContentEnc
// This lock is used by openWriteOnlyFile() to block concurrent opens while
@@ -62,7 +62,7 @@ type FS struct {
//var _ pathfs.FileSystem = &FS{} // Verify that interface is implemented.
// NewFS returns a new encrypted FUSE overlay filesystem.
-func NewFS(args Args, c *contentenc.ContentEnc, n *nametransform.NameTransform) *FS {
+func NewFS(args Args, c *contentenc.ContentEnc, n nametransform.NameTransformer) *FS {
if args.SerializeReads {
serialize_reads.InitSerializer()
}
@@ -399,7 +399,7 @@ func (fs *FS) decryptSymlinkTarget(cData64 string) (string, error) {
if cData64 == "" {
return "", nil
}
- cData, err := fs.nameTransform.B64.DecodeString(cData64)
+ cData, err := fs.nameTransform.B64DecodeString(cData64)
if err != nil {
return "", err
}
@@ -472,7 +472,7 @@ func (fs *FS) encryptSymlinkTarget(data string) (cData64 string) {
return ""
}
cData := fs.contentEnc.EncryptBlock([]byte(data), 0, nil)
- cData64 = fs.nameTransform.B64.EncodeToString(cData)
+ cData64 = fs.nameTransform.B64EncodeToString(cData)
return cData64
}
diff --git a/internal/fusefrontend/xattr.go b/internal/fusefrontend/xattr.go
index 1de9cac..20e8db7 100644
--- a/internal/fusefrontend/xattr.go
+++ b/internal/fusefrontend/xattr.go
@@ -150,7 +150,7 @@ func (fs *FS) decryptXattrValue(cData []byte) (data []byte, err error) {
}
// This backward compatibility is needed to support old
// file systems having xattr values base64-encoded.
- cData, err2 := fs.nameTransform.B64.DecodeString(string(cData))
+ cData, err2 := fs.nameTransform.B64DecodeString(string(cData))
if err2 != nil {
// Looks like the value was not base64-encoded, but just corrupt.
// Return the original decryption error: err1
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 13:13:11 +0000