On Wed, Jul 17, 2024 at 09:15:46AM -0700, Darrick J. Wong wrote:
> > So I think the package split makes sense no matter what we do,
> > but I really want a per file system choice and not a global one.
>
> <nod> How might we do that?
>
> 1. touch $mnt/.selfheal to opt-in to online fsck?
> 2. touch $mnt/.noselfheal to opt-out?
> 3. attr -s system.selfheal to opt in?
> 4. attr -s system.noselfheal to opt out?
> 5. compat feature to opt-in
> 6. compat feature to opt-out?
> 7. filesystem property that we stuff in the metadir?
>
> 1-2 most resemble the old /.forcefsck knob, and systemd has
> ConditionPathExists= that we could use to turn an xfs_scrub@<path>
> service invocation into a nop.
>
> 3-4 don't clutter up the root filesystem with dotfiles, but then if we
> ever reset the root directory then the selfheal property is lost.

All four of them are kinda scary that the contents of the file systems
affect policy. Now maybe we should never chown the root directory to
an untrusted or not fully trusted user, but..

> 5-6 might be my preferred way, but then I think I have to add a fsgeom
> flag so that userspace can detect the selfheal preferences.

These actually sound like the most sensible to me, even if the flags
are of course a little annoying.

> b. Adding these knobs means more userspace code to manage them. 1-4 can
> be done easily in xfs_admin, 5-8 involve a new ioctl and io/db code.

Yeah, that's kind of the downside. The other option would of course
be some kind of global table in /etc.
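
The concern above about options 1-2 (file system contents deciding policy once the root directory is not fully trusted), as an added example that is not part of this thread or of xfsprogs: a fail-closed check that honors the marker only when nobody but a trusted uid could have created it. The function name and the trusted_uid parameter are hypothetical, and .selfheal is only the name proposed in option 1.

```python
import os
import stat

MARKER = ".selfheal"  # name proposed in option 1; not an implemented knob


def selfheal_opted_in(mnt, trusted_uid=0):
    """Return True only if mnt/.selfheal exists and could not have been
    planted by anyone other than trusted_uid (hypothetical policy check)."""
    try:
        root = os.lstat(mnt)
        marker = os.lstat(os.path.join(mnt, MARKER))
    except OSError:
        # Missing marker, unreadable path, and so on: treat as "not opted in".
        return False

    # The root of the file system must be a real directory, not a symlink.
    if not stat.S_ISDIR(root.st_mode):
        return False

    # Whoever owns the root directory, or can write to it through the group
    # or other bits, can create or delete the marker. A chown of the root
    # directory to another user therefore disables the opt-in.
    if root.st_uid != trusted_uid:
        return False
    if root.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False

    # lstat() does not follow symlinks, so a link planted under the marker
    # name is rejected here, as is a directory or device node.
    if not stat.S_ISREG(marker.st_mode):
        return False

    # A marker left behind by a previous, less trusted owner does not count.
    return marker.st_uid == trusted_uid
```

Mode bits do not reflect POSIX ACLs, so a caller that must account for ACLs on the root directory needs a further check.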