Hi,
I'm the author of https://live.gnome.org/Projects/OSTree which is a new
general purpose update system for Linux-based operating systems.
Basically it does updates by creating a new hardlink farm chroot.
(There's nothing really new about this, OSTree is just a polished
version of it with a new twist or two)
Now present, I have a read-only bind mount over /usr. What I'd really
like is something like the existing S_IMMUTABLE bit except with the
ability to make hardlinks. Also unlike S_IMMUTABLE I don't want it to
be removable at all.
And the more I thought about it, the more I realized what would be neat
is a new open flag "O_OBJECT". What this would do is disallow any
further changes to content after the file has been close()d or so.
(It would also be nice to have a way to make xattrs immutable, but I
see that as a separate thing)
I can imagine that beyond the security aspect, filesystems could make
some interesting optimizations if userspace opted out of the ability to
mutate files post-creation.
Both OSTree and git could use it (git for loose objects).
There's been stuff somewhat related to this in the past, like
linux-vserver was carrying a hack to do CoW hardlinks. But I think it's
really better to just disallow mutation and force userspace to break
hardlinks.
If you guys give me this flag, I'll make use of it in userspace pretty
much right away =)
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
