On Mon, Mar 04, 2024 at 08:10:28PM +0100, Andrey Albershteyn wrote: > @@ -641,6 +645,13 @@ static int fileattr_set_prepare(struct inode *inode, > !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) > return -EINVAL; > > + /* > + * Verity cannot be set through FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS. > + * See FS_IOC_ENABLE_VERITY > + */ > + if (fa->fsx_xflags & FS_XFLAG_VERITY) > + return -EINVAL; This makes FS_IOC_SETFLAGS and FS_IOC_FSSETXATTR start failing on files that already have verity enabled. An error should only be returned when the new flags contain verity and the old flags don't. - Eric
