On Mon, Sep 30, 2024 at 08:43:40PM +0200, Richard Weinberger wrote:
> ----- Original Mail -----
> > From: "chengzhihao1" <chengzhihao1@xxxxxxxxxx>
> >>> From: "Daniel Golle" <daniel@xxxxxxxxxxxxxx>
> >>> Allow the boot firmware to define volumes which are critical for the
> >>> system to boot, such as the bootloader itself if stored inside a UBI
> >>> volume. Protect critical volumes by preventing the user from removing,
> >>> resizing or writing to them, and also prevent the UBI device from
> >>> being detached if a critical volume is present.
> >>
> >> I agree with the doubts raised in patch 1/2: if userspace is so hostile
> >> as to delete system partitions, there is little hope.
> >> But I'm still open for discussion.
> >
> > Yes, I agree that it is meaningful to prevent users from operating on
> > volumes accidentally. How about doing that by some existing methods? E.g.
> > SELinux (design sepolicy for the ioctl cmd).
>
> Another thought: do we really need to enforce this in kernel space?
> Teaching ubi-tools to be super careful with some volumes is also an option.
>
> Like a ubirmvol ... --i-know-what-im-doing.

True, enforcement doesn't need to happen in the kernel (though I think it's
nicer, but really just a matter of taste, I guess).
ubi-tools would still need to be able to recognize critical volumes
somehow, and that could be done by checking if the 'volume-is-critical'
property is present in /sys/class/ubi/ubi*_*/of_node/

If you prefer going down that road, I will work on patches for
git.infradead.org/mtd-utils.git instead.
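As an added illustration of the userspace alternative discussed in the thread (not code from the patch series or from mtd-utils), the following sh script checks for the proposed 'volume-is-critical' property under /sys/class/ubi/ubiX_Y/of_node/ and wraps ubirmvol so that a critical volume is only removed when the caller passes the --i-know-what-im-doing override. The property name and sysfs location are assumed to be exported exactly as the patch proposes; the wrapper, SYSFS_ROOT and UBI_DRY_RUN are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: userspace guard for critical UBI volumes. Assumes the
# DT property 'volume-is-critical' from the patch shows up as a file in
# /sys/class/ubi/ubi<DEV>_<VOLID>/of_node/. SYSFS_ROOT may be overridden
# (e.g. to a constructed fake sysfs tree when testing).
SYSFS_ROOT="${SYSFS_ROOT:-/sys/class/ubi}"

# ubi_vol_is_critical DEV VOLID
# Exit 0 if ubi<DEV>_<VOLID> carries the volume-is-critical property.
ubi_vol_is_critical() {
    [ -e "$SYSFS_ROOT/ubi$1_$2/of_node/volume-is-critical" ]
}

# ubi_rmvol_guarded [--i-know-what-im-doing] /dev/ubiX -n VOLID
# Refuses (exit 1) to remove a critical volume unless the override flag
# is given. With UBI_DRY_RUN=1 the ubirmvol command is printed, not run.
ubi_rmvol_guarded() {
    force=0
    if [ "$1" = "--i-know-what-im-doing" ]; then
        force=1
        shift
    fi
    dev="${1#/dev/ubi}"
    volid="$3"
    if [ "$2" != "-n" ] || [ -z "$volid" ]; then
        echo "usage: ubi_rmvol_guarded [--i-know-what-im-doing] /dev/ubiX -n VOLID" >&2
        return 2
    fi
    if ubi_vol_is_critical "$dev" "$volid" && [ "$force" -eq 0 ]; then
        echo "refusing to remove critical volume ubi${dev}_${volid}" >&2
        return 1
    fi
    if [ "${UBI_DRY_RUN:-0}" = 1 ]; then
        echo "ubirmvol /dev/ubi$dev -n $volid"
        return 0
    fi
    ubirmvol "/dev/ubi$dev" -n "$volid"
}
```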