On 2024-02-22 20:23:04, Eric Biggers wrote: > On Mon, Feb 12, 2024 at 05:58:02PM +0100, Andrey Albershteyn wrote: > > +FS_IOC_FSGETXATTR > > +----------------- > > + > > +Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity > > +files. The attribute can be observed via lsattr. > > + > > + [root@vm:~]# lsattr /mnt/test/foo > > + --------------------V- /mnt/test/foo > > + > > +Note that this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity > > +requires input parameters. See FS_IOC_ENABLE_VERITY. > > The lsattr example is irrelevant and misleading because lsattr uses > FS_IOC_GETFLAGS, not FS_IOC_FSGETXATTR. > > Also, I know that you titled the subsection "FS_IOC_FSGETXATTR", but the text > itself should make it super clear that FS_XFLAG_VERITY is only for > FS_IOC_FSGETXATTR, not FS_IOC_GETFLAGS. Sure, I will remove the example. Would something like this be clear enough? FS_IOC_FSGETXATTR ----------------- Since Linux v6.9, FS_XFLAG_VERITY (0x00020000) file attribute is set for verity files. This attribute can be checked with FS_IOC_FSGETXATTR ioctl. Note that this attribute cannot be set with FS_IOC_FSSETXATTR as enabling verity requires input parameters. See FS_IOC_ENABLE_VERITY. > > diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h > > index 48ad69f7722e..6e63ea832d4f 100644 > > --- a/include/uapi/linux/fs.h > > +++ b/include/uapi/linux/fs.h > > @@ -140,6 +140,7 @@ struct fsxattr { > > #define FS_XFLAG_FILESTREAM 0x00004000 /* use filestream allocator */ > > #define FS_XFLAG_DAX 0x00008000 /* use DAX for IO */ > > #define FS_XFLAG_COWEXTSIZE 0x00010000 /* CoW extent size allocator hint */ > > +#define FS_XFLAG_VERITY 0x00020000 /* fs-verity sealed inode */ > > There's currently nowhere in the documentation or code that uses the phrase > "fs-verity sealed inode". It's instead called a verity file, or a file that has > fs-verity enabled. We should try to avoid inconsistent terminology. Oops, missed this one. Thanks! -- - Andrey