On 2024-02-22 20:23:04, Eric Biggers wrote:
> On Mon, Feb 12, 2024 at 05:58:02PM +0100, Andrey Albershteyn wrote:
> > +FS_IOC_FSGETXATTR
> > +-----------------
> > +
> > +Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity
> > +files. The attribute can be observed via lsattr.
> > +
> > + [root@vm:~]# lsattr /mnt/test/foo
> > + --------------------V- /mnt/test/foo
> > +
> > +Note that this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity
> > +requires input parameters. See FS_IOC_ENABLE_VERITY.
>
> The lsattr example is irrelevant and misleading because lsattr uses
> FS_IOC_GETFLAGS, not FS_IOC_FSGETXATTR.
>
> Also, I know that you titled the subsection "FS_IOC_FSGETXATTR", but the text
> itself should make it super clear that FS_XFLAG_VERITY is only for
> FS_IOC_FSGETXATTR, not FS_IOC_GETFLAGS.
Sure, I will remove the example. Would something like this be clear
enough?
FS_IOC_FSGETXATTR
-----------------
Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity
files. This attribute can be checked with FS_IOC_FSGETXATTR ioctl. Note that
this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity requires
input parameters. See FS_IOC_ENABLE_VERITY.
> > diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> > index 48ad69f7722e..6e63ea832d4f 100644
> > --- a/include/uapi/linux/fs.h
> > +++ b/include/uapi/linux/fs.h
> > @@ -140,6 +140,7 @@ struct fsxattr {
> > #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */
> > #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */
> > #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */
> > +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */
>
> There's currently nowhere in the documentation or code that uses the phrase
> "fs-verity sealed inode". It's instead called a verity file, or a file that has
> fs-verity enabled. We should try to avoid inconsistent terminology.
Oops, missed this one. Thanks!
--
- Andrey
