Re: [PATCH v2 4/6] ovl: Add framework for verity support

On Wed, May 03, 2023 at 10:51:37AM +0200, Alexander Larsson wrote:
> +- "require":
> +    Same as "on", but additionally all metacopy files must specify a
> +    verity xattr. This means metadata copy up will only be used if
> +    the data file has fs-verity enabled, otherwise a full copy-up is
> +    used.
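
Review bot: In the "require" entry, the first sentence states a requirement ("all metacopy files must specify a verity xattr") but does not say what overlayfs does when it meets a metacopy file that lacks one, and the second sentence covers only the copy-up side. Suggest stating the behaviour for a metacopy file with no verity xattr explicitly, and describing it separately from the rule for when overlayfs itself chooses between metadata copy up and a full copy-up, so the two cases cannot be read as one.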

The second sentence makes it sound like an attacker can inject arbitrary data
just by replacing a data file with one that doesn't have fsverity enabled.

I really hope that's not the case?

I *think* there is a subtlety here involving "metacopy files" that were created
ahead of time by the user, vs. being generated by overlayfs.  But it's not
really explained.

- Eric


