On Fri, Feb 23, 2024 at 01:55:21PM +0100, Andrey Albershteyn wrote: > On 2024-02-22 20:23:04, Eric Biggers wrote: > > On Mon, Feb 12, 2024 at 05:58:02PM +0100, Andrey Albershteyn wrote: > > > +FS_IOC_FSGETXATTR > > > +----------------- > > > + > > > +Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity > > > +files. The attribute can be observed via lsattr. > > > + > > > + [root@vm:~]# lsattr /mnt/test/foo > > > + --------------------V- /mnt/test/foo > > > + > > > +Note that this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity > > > +requires input parameters. See FS_IOC_ENABLE_VERITY. > > > > The lsattr example is irrelevant and misleading because lsattr uses > > FS_IOC_GETFLAGS, not FS_IOC_FSGETXATTR. > > > > Also, I know that you titled the subsection "FS_IOC_FSGETXATTR", but the text > > itself should make it super clear that FS_XFLAG_VERITY is only for > > FS_IOC_FSGETXATTR, not FS_IOC_GETFLAGS. > > Sure, I will remove the example. Would something like this be clear > enough? > > FS_IOC_FSGETXATTR > ----------------- > > Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity > files. This attribute can be checked with FS_IOC_FSGETXATTR ioctl. Note that > this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity requires > input parameters. See FS_IOC_ENABLE_VERITY. It's better, but I'd probably put FS_IOC_FSGETXATTR in the first sentence. Like: Since Linux v6.9, the FS_IOC_FSGETXATTR ioctl sets FS_XFLAG_VERITY (0x00020000) in the returned flags when the file has verity enabled. - Eric
