On Thu, 20 Feb 2025 at 12:39, Giuseppe Scrivano <gscrivan@xxxxxxxxxx> wrote: > > Miklos Szeredi <miklos@xxxxxxxxxx> writes: > > > On Thu, 20 Feb 2025 at 10:54, Giuseppe Scrivano <gscrivan@xxxxxxxxxx> wrote: > >> > >> Miklos Szeredi <miklos@xxxxxxxxxx> writes: > >> > >> > On Tue, 11 Feb 2025 at 16:52, Amir Goldstein <amir73il@xxxxxxxxx> wrote: > > > >> >> The short version - for lazy data lookup we store the lowerdata > >> >> redirect absolute path in the ovl entry stack, but we do not store > >> >> the verity digest, we just store OVL_HAS_DIGEST inode flag if there > >> >> is a digest in metacopy xattr. > >> >> > >> >> If we store the digest from lookup time in ovl entry stack, your changes > >> >> may be easier. > >> > > >> > Sorry, I can't wrap my head around this issue. Cc-ing Giuseppe. > > > > Giuseppe, can you describe what should happen when verity is enabled > > and a file on a composefs setup is copied up? > > we don't care much about this case since the composefs metadata is in > the EROFS file system. Once copied up it is fine to discard this > information. Adding Alex to the discussion as he might have a different > opinion/use case in mind. Okay. Amir, do I understand correctly that your worry is that after copy-up verity digest is still being used? If that's the case, we just need to make sure that OVL_HAS_DIGEST is cleared on copy-up? Or am I still misunderstanding this completely? > >> >> Right. So I guess we only need to disallow uppermetacopy from > >> >> index when metacoy=off. > >> > >> is that be safe from a user namespace? > > > > You mean disallowing uppermetacopy? It's obviously safer than allowing it, no? > > sorry I read th "only need" as "loosening the conditions when > uppermetacopy is allowed"; so I was asking if there are cases when > uppermetacopy is considered safe in a user namespace (if there are any). > If that is not the case, please ignore my question. Yeah, that "only" was referring to my stupid idea, I guess. Thanks, Miklos
