From: Colin Walters
Subject: Re: [PATCH 0/6] File Sealing & memfd_create()
Date: Thu, 10 Apr 2014 14:45:48 +0000
Message-ID: <1397141388.16343.10@mail.messagingengine.com>
References: <1395256011-2423-1-git-send-email-dh.herrmann@gmail.com> <20140320153250.GC20618@thunk.org>
In-Reply-To: <20140320153250.GC20618@thunk.org>
To: tytso@mit.edu
Cc: David Herrmann, linux-kernel@vger.kernel.org, Hugh Dickins, Alexander Viro, Matthew Wilcox, Karol Lewandowski, Kay Sievers, Daniel Mack, Lennart Poettering, Kristian@thunk.org, john.stultz@linaro.org, Greg Kroah-Hartman, Tejun Heo, Johannes Weiner, dri-devel@lists.freedesktop.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, Andrew Morton, Linus Torvalds, Ryan Lortie, mtk.manpages@gmail.com
Sender: owner-linux-mm@kvack.org
List-Id: linux-fsdevel.vger.kernel.org

On Thu, Mar 20, 2014 at 11:32 AM, tytso@mit.edu wrote:
>
> Looking at your patches, and what files you are modifying, you are
> enforcing this in the low-level file system.

I would love for this to be implemented in the filesystem level as well. Something like the ext4 immutable bit, but with the ability to still make hardlinks would be *very* useful for OSTree. And anyone else that uses hardlinks as a data source. The vserver people do something similar:

http://linux-vserver.org/util-vserver:Vhashify

At the moment I have a read-only bind mount over /usr, but what I really want is to make the individual objects in the object store in /ostree/repo/objects be immutable, so even if a user or app navigates out to /sysroot they still can't mutate them (or the link targets in the visible /usr).