On 2023-10-10 21:05:44, Eric Biggers wrote:
> There's currently nowhere in the documentation or code that uses the phrase
> "fs-verity sealed file". It's instead called a verity file, or a file that has
> fs-verity enabled. I suggest we try to avoid inconsistent terminology.
>
> Also, it should be mentioned which kernel versions this works on.
>
> See for example what the statx section of the documentation says just above the
> new section that you're adding:
>
>     Since Linux v5.5, the statx() system call sets STATX_ATTR_VERITY if
>     the file has fs-verity enabled.

Sure, will change terminology. Would it be fine to add kernel version
in additional patch when patchset is merged?

>
> Also, is FS_XFLAG_VERITY going to work on all filesystems? The existing ways to
> query the verity flag work on all filesystems. Hopefully any new API will too.
>

Yes, if FS_VERITY_FL is set on the verity file. I will probably move
hunks in fs/ioctl.c from [1] to this patch so it makes more sense.

> Also, "Extended file attributes" is easily confused with, well, extended file
> attributes (xattrs). It should be made clear that this is talking about the
> FS_IOC_FSGETXATTR ioctl, not real xattrs.
>
> Also, it should be made clear that FS_XFLAG_VERITY cannot be set using
> FS_IOC_FSSETXATTR. See e.g. how the existing documentation says that
> FS_IOC_GETFLAGS can get FS_VERITY_FL but FS_IOC_SETFLAGS cannot set it.

Thanks, will add it.

[1]: https://lore.kernel.org/all/20231011013940.GJ21298@frogsfrogsfrogs/T/#m75e77f585b9b7437556d108c325126865c1f6ce7

-- 
- Andrey
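
An added example, not part of the thread or of the kernel's own code: the two existing ways of querying the verity bit that the review mentions, statx() with STATX_ATTR_VERITY and FS_IOC_GETFLAGS with FS_VERITY_FL, written in C. The function names are hypothetical, and FS_XFLAG_VERITY is left out because the page gives no value for it.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/fs.h>

/* Fallbacks for older userspace headers; values match the kernel UAPI. */
#ifndef STATX_ATTR_VERITY
#define STATX_ATTR_VERITY 0x00100000
#endif
#ifndef FS_VERITY_FL
#define FS_VERITY_FL 0x00100000
#endif

/* Each helper returns 1 = verity enabled, 0 = not enabled, -1 = unknown. */
int verity_via_statx(const char *path)
{
    struct statx stx;
    if (statx(AT_FDCWD, path, 0, STATX_BASIC_STATS, &stx) != 0)
        return -1;
    /* The mask says whether this filesystem reports the bit at all. */
    if (!(stx.stx_attributes_mask & STATX_ATTR_VERITY))
        return -1;
    return (stx.stx_attributes & STATX_ATTR_VERITY) ? 1 : 0;
}

/* Read-only query: FS_IOC_SETFLAGS cannot set FS_VERITY_FL. */
int verity_via_getflags(const char *path)
{
    int flags = 0, ret;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    ret = ioctl(fd, FS_IOC_GETFLAGS, &flags);
    close(fd);
    if (ret != 0)
        return -1;  /* e.g. ENOTTY where the ioctl is unsupported */
    return (flags & FS_VERITY_FL) ? 1 : 0;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: statx=%d getflags=%d\n", argv[i],
               verity_via_statx(argv[i]), verity_via_getflags(argv[i]));
    return 0;
}
```

A result of -1 from either helper means the status could not be determined and should not be treated as "verity enabled" by an integrity check.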