On Tue, 2025-03-25 at 11:57 +0100, Miklos Szeredi wrote:
> On Tue, 11 Feb 2025 at 13:01, Amir Goldstein <amir73il@xxxxxxxxx>
> wrote:
> > Looking closer at ovl_maybe_validate_verity(), it's actually
> > worse - if you create an upper without metacopy above
> > a lower with metacopy, ovl_validate_verity() will only check
> > the metacopy xattr on metapath, which is the uppermost
> > and find no md5digest, so create an upper above a metacopy
> > lower is a way to avert verity check.
> >
> > So I think lookup code needs to disallow finding metacopy
> > in middle layer and need to enforce that also when upper is found
> > via index.
>
> So I think the next patch does this: only allow following a metacopy
> redirect from lower to data.
>
> It's confusing to call this metacopy, as no copy is performed. We
> could call it data-redirect. Mixing data-redirect with real meta-
> copy
> is of dubious value, and we might be better to disable it even in the
> privileged scenario.
>
> Giuseppe, Alexander, AFAICS the composefs use case employs
> data-redirect only and not metacopy, right?
The most common usecase is to get a read-only image, say for
/usr. However, sometimes (for example with containers) we have a
writable upper layer too. I'm not sure how important metacopy is for
that though, it is more commonly used to avoid duplicating things
between e.g. the container image layers. Giuseppe?
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=
Alexander Larsson Red Hat,
Inc
alexl@xxxxxxxxxx alexander.larsson@xxxxxxxxx
He's an impetuous guerilla werewolf fleeing from a secret government
programme. She's an elegant insomniac socialite with a flame-thrower.
They fight crime!
