----- Ursprüngliche Mail ----- > Von: "chengzhihao1" <chengzhihao1@xxxxxxxxxx> >>> Von: "Daniel Golle" <daniel@xxxxxxxxxxxxxx> >>> Allow the boot firmware to define volumes which are critical for the >>> system to boot, such as the bootloader itself if stored inside a UBI >>> volume. Protect critical volumes by preventing the user from removing, >>> resizing or writing to them, and also prevent the UBI device from >>> being detached if a critical volume is present. >> >> I agree with the doubts raised in patch 1/2, if userspace is so hostile >> to delete system partitions, there is little hope. >> But I'm still open for discussion. > > Yes, I agree that it is meaningful to prevent user from operating > volumes accidently. How about doing that by some existing methods? Eg. > selinux(Design sepolicy for ioctl cmd). Another thought, do we really need to enforce this in kernel space? Teaching ubi-tools to be super careful with some volumes is also an option. like a ubirmvol ... --i-know-what-im-doing. Thanks, //richard