On Wed, 2025-03-26 at 11:24 +0100, Miklos Szeredi wrote:
> On Tue, 25 Mar 2025 at 12:35, Amir Goldstein <amir73il@xxxxxxxxx>
> wrote:
>
> > > --- a/fs/overlayfs/params.c
> > > +++ b/fs/overlayfs/params.c
> > > @@ -846,8 +846,8 @@ int ovl_fs_params_verify(const struct
> > > ovl_fs_context *ctx,
> > > config->uuid = OVL_UUID_NULL;
> > > }
> > >
> > > - /* Resolve verity -> metacopy dependency */
> > > - if (config->verity_mode && !config->metacopy) {
> > > + /* Resolve verity -> metacopy dependency (unless used
> > > with userxattr) */
> > > + if (config->verity_mode && !config->metacopy && !config-
> > > >userxattr) {
> >
> > This is very un-intuitive to me.
> >
> > Why do we need to keep the dependency verity -> metacopy with
> > trusted xattrs?
>
> Yeah, now it's clear that metacopy has little to do with the data
> redirect feature that verity was added for.
>
> I don't really understand the copy-up logic around verity=require,
> though. Why does that not return EIO like open?
If a lowerdir file doesn't have fsverity enabled, there is no struct
fsverity_info, so no digest available to use. This means we cannot make
a verity-enforced redirect to it.
This is not an VERITY_REQUIRE failure, those are when we find a
redirect with a missing digest xattr, but in this case the lower file
is a real data file, not a redirect.
Note: This actually happens in composefs. We don't use redirect for
tiny files (smaller than the redirect xattrs would be), instead we
embed them directly in the EROFS image.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=
Alexander Larsson Red Hat,
Inc
alexl@xxxxxxxxxx alexander.larsson@xxxxxxxxx
He's a lonely Jewish vampire hunter on a search for his missing sister.
She's a man-hating Buddhist socialite trying to make a difference in a
man's world. They fight crime!
