On Wed, 8 Mar 2023 at 16:29, Alexander Larsson <alexl@xxxxxxxxxx> wrote:
>
> As was recently discussed in the various threads about composefs we
> want the ability to specify a fs-verity digest for metacopy files,
> such that the lower file used for the data is guaranteed to have the
> specified digest.
>
> I wrote an initial version of this here:
>
> https://github.com/alexlarsson/linux/tree/overlay-verity
>
> I would like some feedback on this approach. Does it make sense?
>
> For context, here is the main commit text:
>
> This adds support for a new overlay xattr "overlay.verity", which
> contains a fs-verity digest. This is used for metacopy files, and
> whenever the lowerdata file is accessed overlayfs can verify that
> the data file fs-verity digest matches the expected one.
>
> By default this is ignored, but if the mount option "verity_policy" is
> set to "validate" or "require", then all accesses validate any
> specified digest. If you use "require" it additionally fails to access
> metacopy file if the verity xattr is missing.
>
> The digest is validated during ovl_open() as well as when the lower file
> is copied up. Additionally the overlay.verity xattr is copied to the
> upper file during a metacopy operation, in order to later do the validation
> of the digest when the copy-up happens.

Hmm, so what exactly happens if the file is copied up and then modified?
The verification will fail, no?

Thanks,
Miklos