On Tue, 25 Mar 2025 at 12:35, Amir Goldstein <amir73il@xxxxxxxxx> wrote:
> > --- a/fs/overlayfs/params.c
> > +++ b/fs/overlayfs/params.c
> > @@ -846,8 +846,8 @@ int ovl_fs_params_verify(const struct ovl_fs_context *ctx,
> > config->uuid = OVL_UUID_NULL;
> > }
> >
> > - /* Resolve verity -> metacopy dependency */
> > - if (config->verity_mode && !config->metacopy) {
> > + /* Resolve verity -> metacopy dependency (unless used with userxattr) */
> > + if (config->verity_mode && !config->metacopy && !config->userxattr) {
>
> This is very un-intuitive to me.
>
> Why do we need to keep the dependency verity -> metacopy with trusted xattrs?
Yeah, now it's clear that metacopy has little to do with the data
redirect feature that verity was added for.
I don't really understand the copy-up logic around verity=require,
though. Why does that not return EIO like open?
Thanks,
Miklos
