From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Colin Walters <walters@verbum.org>, Theodore Ts'o <tytso@mit.edu>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>,
lsf-pc@lists.linux-foundation.org
Subject: Re: [Lsf-pc] [LSF/MM TOPIC] fs-verity: file system-level integrity protection
Date: Fri, 26 Jan 2018 08:49:24 -0800
Message-ID: <1516985364.4000.15.camel@HansenPartnership.com>
In-Reply-To: <1516984812.1011043.1249268528.30144C24@webmail.messagingengine.com>
On Fri, 2018-01-26 at 11:40 -0500, Colin Walters wrote:
> On Fri, Jan 26, 2018, at 10:29 AM, Theodore Ts'o wrote:
> >
> > The problem is not the userspace API, it's the bike-shedding over
> > all of the different ways we could *do* immutability, all of which
> > would require separate bits in the on-disk representation of the
> > inode. You can have any combination of:
> >
> > * Immutable data
> > * Immutable metadata
> > * Immutable xattrs
>
> Everyone here wants immutable data (*all* of the data I hope),

No, no, I don't. In the world today most Linux distributions from
which we produce containers do have the annoying property of writing
stuff where they shouldn't (mostly into /etc). Systemd is working on
fixing this and when you can make everything other than your /tmp and
/var/tmp read-only on your distro, then I will be able to have fully
immutable container images. But, until that day comes, I'm going to
need a mix of immutable and mutable files on one filesystem.

So when container people boast about immutable images, what they
actually mean is *mostly* immutable apart from bits we can't fix. What
they actually mean is we don't patch the image in situ but instead
deploy an upgraded image and when we start each time we start from the
pristine state but as the image is running it can mutate slightly.

James