From: Dave Chinner <david@fromorbit.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Christoph Hellwig <hch@infradead.org>,
linux-xfs <linux-xfs@vger.kernel.org>
Subject: Re: [PATCH] xfs: include the XFS magic number in magic.h
Date: Wed, 13 Dec 2017 13:59:28 +1100
Message-ID: <20171213025928.GZ5858@dastard>
In-Reply-To: <1513128072.3476.121.camel@linux.vnet.ibm.com>

On Tue, Dec 12, 2017 at 08:21:12PM -0500, Mimi Zohar wrote:
> On Wed, 2017-12-13 at 11:13 +1100, Dave Chinner wrote:
> > On Tue, Dec 12, 2017 at 06:55:31PM -0500, Mimi Zohar wrote:
> > > Based on file system, I could differentiate which files need to be
> > > signed. For example, the root file system might require file
> > > signatures only on executables, while for other file systems all files
> > > could require signatures.
> >
> > What's the filesystem magic number got to do with where the
> > filesystem is mounted or what it contains?

<silence>

[....]

> > > Unfortunately, not all filesystems support xattrs (eg.
> > > cpio/initramfs).
> >
> > So add support to them....
>
> Definitely, that would be the best solution! Anyone have time and is
> interested in adding xattr support to CPIO?

One who needs the functionality finds the resources....

> > > scripts/sign-file is used to append a file signature to kernel
> > > modules. This same script could be used for signing other files, like
> > > the kexec kernel image and initramfs.
> >
> > This doesn't require knowing about what type of filesystem the file
> > is read from. It's just data appended to the file, and you can
> > already read filesystem without knowing what the underlying
> > filesystem implementation is....
>
> Agreed, this is in response to your question "What's an appended
> signature".

Sure, but ...

> The context was defining policy rules for testing, which
> either require different types of file signatures or require
> signatures for different file types, on a per file system basis.

... you still haven't explained why you need the filesystem magic
number for this or even why you need to have different
methods/policies for different filesystem types.

> Sigh, this patch was not supposed to be controversial.

It's not controversial, it's just wrong. :)

There are around 40 defined magic numbers in the XFS on-disk format.
They all get defined in the XFS on-disk format headers and should
not be used outside the XFS code.

> Most, if not
> all, of the other file systems are included in magic.h.

And your point is? Seriously, using filesystem magic numbers in the
kernel for detecting filesystems is misguided because:

  a) they don't uniquely identify a filesystem, and
  b) superblocks already have a struct file_system_type
     (sb->s_type) attached to them that is used explicitly for
     identifying the filesystem type *by name*.

IOWs, if you need to identify a filesystem *type*, using internal
magic numbers is not the way to do it. selinux, for example, checks
sb->s_type->name quite a lot....

Cheers,

Dave.
--
Dave Chinner
david@fromorbit.com
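
Added example, not part of this message or the thread: a userspace C sketch of the two points above, showing that one magic value maps to several filesystem types while the type name read from a mountinfo line is unambiguous. The table, function names and sample lines are constructed for illustration; the magic values are the kernel's ext2/ext3/ext4 value (0xEF53) and the XFS superblock magic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed table: ext2, ext3 and ext4 all share the magic 0xEF53. */
struct fs_magic { unsigned long magic; const char *name; };
static const struct fs_magic magic_table[] = {
    { 0xEF53UL,     "ext2" },
    { 0xEF53UL,     "ext3" },
    { 0xEF53UL,     "ext4" },
    { 0x58465342UL, "xfs"  },   /* "XFSB" */
};

/* How many filesystem types a statfs()-style f_type value could mean. */
static int names_for_magic(unsigned long magic)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(magic_table) / sizeof(magic_table[0]); i++)
        if (magic_table[i].magic == magic)
            n++;
    return n;
}

/* Copy the type name (first field after " - ") from one mountinfo line.
 * Returns 0 on success, -1 if the line is malformed or out is too small. */
static int mountinfo_fstype(const char *line, char *out, size_t outlen)
{
    const char *sep = strstr(line, " - ");
    if (!sep)
        return -1;
    sep += 3;
    size_t len = strcspn(sep, " \n");
    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, sep, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample lines in /proc/self/mountinfo format. */
    const char *a = "36 35 8:1 / / rw,noatime - ext3 /dev/sda1 rw";
    const char *b = "37 35 8:2 / /data rw,noatime - ext4 /dev/sda2 rw";
    char ta[32], tb[32];
    if (mountinfo_fstype(a, ta, sizeof ta) || mountinfo_fstype(b, tb, sizeof tb))
        return 1;
    printf("0xEF53 fits %d types; by name: %s vs %s\n", names_for_magic(0xEF53UL), ta, tb);
    return 0;
}
```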