On Tue, 2025-03-25 at 11:46 +0100, Miklos Szeredi wrote:
> Allow the "verity" mount option to be used with "userxattr" data-only
> layer(s).
>
> Previous patches made sure that with "userxattr" metacopy only works
> in the
> lower -> data scenario.
>
> In this scenario the lower (metadata) layer must be secured against
> tampering, in which case the verity checksums contained in this layer
> can
> ensure integrity of data even in the case of an untrusted data layer.
>
> Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Reviewed-by: Alexander Larsson <alexl@xxxxxxxxxx>
This works well enough for composefs, but I agree with Amir that once
we start allowing redirects into data-only lowers, even with
metacopy=0, then we could at least allow verity=on.
> ---
> fs/overlayfs/params.c | 11 +++--------
> 1 file changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c
> index 54468b2b0fba..8ac0997dca13 100644
> --- a/fs/overlayfs/params.c
> +++ b/fs/overlayfs/params.c
> @@ -846,8 +846,8 @@ int ovl_fs_params_verify(const struct
> ovl_fs_context *ctx,
> config->uuid = OVL_UUID_NULL;
> }
>
> - /* Resolve verity -> metacopy dependency */
> - if (config->verity_mode && !config->metacopy) {
> + /* Resolve verity -> metacopy dependency (unless used with
> userxattr) */
> + if (config->verity_mode && !config->metacopy && !config-
> >userxattr) {
> /* Don't allow explicit specified conflicting
> combinations */
> if (set.metacopy) {
> pr_err("conflicting options:
> metacopy=off,verity=%s\n",
> @@ -945,7 +945,7 @@ int ovl_fs_params_verify(const struct
> ovl_fs_context *ctx,
> }
>
>
> - /* Resolve userxattr -> !redirect && !metacopy && !verity
> dependency */
> + /* Resolve userxattr -> !redirect && !metacopy dependency */
> if (config->userxattr) {
> if (set.redirect &&
> config->redirect_mode != OVL_REDIRECT_NOFOLLOW)
> {
> @@ -957,11 +957,6 @@ int ovl_fs_params_verify(const struct
> ovl_fs_context *ctx,
> pr_err("conflicting options:
> userxattr,metacopy=on\n");
> return -EINVAL;
> }
> - if (config->verity_mode) {
> - pr_err("conflicting options:
> userxattr,verity=%s\n",
> - ovl_verity_mode(config));
> - return -EINVAL;
> - }
> /*
> * Silently disable default setting of redirect and
> metacopy.
> * This shall be the default in the future as well:
> these
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=
Alexander Larsson Red Hat,
Inc
alexl@xxxxxxxxxx alexander.larsson@xxxxxxxxx
He's an oversexed soccer-playing filmmaker possessed of the uncanny
powers of an insect. She's a foxy nymphomaniac mercenary on the trail
of
a serial killer. They fight crime!
