From: Colin Walters <walters@verbum.org>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
"Theodore Ts'o" <tytso@mit.edu>
Cc: "linux-fsdevel" <linux-fsdevel@vger.kernel.org>,
lsf-pc@lists.linux-foundation.org
Subject: Re: [Lsf-pc] [LSF/MM TOPIC] fs-verity: file system-level integrity protection
Date: Fri, 26 Jan 2018 12:05:13 -0500 [thread overview]
Message-ID: <1516986313.1023634.1249302064.27114772@webmail.messagingengine.com> (raw)
In-Reply-To: <1516985364.4000.15.camel@HansenPartnership.com>
On Fri, Jan 26, 2018, at 11:49 AM, James Bottomley wrote:
> On Fri, 2018-01-26 at 11:40 -0500, Colin Walters wrote:
> > On Fri, Jan 26, 2018, at 10:29 AM, Theodore Ts'o wrote:
> > >
> > > The problem is not the userspace API, it's the bike-shedding over
> > > all of the different ways we could *do* immutability, all of which
> > > would require separate bits in the on-disk representation of the
> > > inode. You can have any combination of:
> > >
> > > * Immutable data
> > > * Immutable metadata
> > > * Immutable xattrs
> >
> > Everyone here wants immutable data (*all* of the data I hope),
>
> No, no, I don't. In the world today most linux distributions from
> which we produce containers do have the annoying property of writing
> stuff where they shouldn't (mostly into /etc).
Sorry, I meant that no one was asking for *partially* immutable single files,
like how one can F_SETLK byte ranges today. Now that I think about it
though that's kind of what log files like the systemd journal want (i.e. O_APPEND like)
but honestly people who care about that kind of stuff tend to send log messages remotely
anyways and I personally care a whole lot more about binaries (basically
ideally fs-verity covers at least everything that can gain CAP_SYS_ADMIN,
including e.g. supporting local signing of installed RPMs/host extensions,
and notably if one has a Docker container or whatever that is configured
to gain CAP_SYS_ADMIN on start, or equivalent).
next prev parent reply other threads:[~2018-01-26 17:05 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-25 19:11 [LSF/MM TOPIC] fs-verity: file system-level integrity protection Theodore Ts'o
2018-01-25 21:49 ` Chuck Lever
2018-01-25 23:39 ` Theodore Ts'o
2018-01-26 0:47 ` James Bottomley
2018-01-26 2:30 ` Theodore Ts'o
2018-01-26 4:50 ` James Bottomley
2018-01-26 14:58 ` Theodore Ts'o
2018-01-26 16:44 ` [Lsf-pc] " James Bottomley
2018-01-26 21:55 ` Theodore Ts'o
2018-01-27 7:58 ` Andreas Dilger
2018-01-27 16:19 ` James Bottomley
2018-01-27 17:08 ` James Bottomley
2018-01-28 2:46 ` Theodore Ts'o
2018-01-28 17:19 ` James Bottomley
2018-01-28 18:03 ` James Bottomley
2018-01-28 18:19 ` Chuck Lever
2018-01-29 6:39 ` James Bottomley
2018-01-29 15:22 ` Chuck Lever
2018-01-30 6:47 ` James Bottomley
2018-01-28 21:49 ` Theodore Ts'o
2018-01-28 22:49 ` Theodore Ts'o
2018-01-28 23:04 ` Mimi Zohar
2018-01-29 0:38 ` Theodore Ts'o
2018-01-29 1:53 ` Mimi Zohar
2018-01-29 2:38 ` Theodore Ts'o
2018-01-29 3:39 ` Mimi Zohar
2018-01-29 4:40 ` Theodore Ts'o
2018-01-29 4:50 ` Theodore Ts'o
2018-01-29 12:09 ` Mimi Zohar
2018-01-29 13:58 ` Mimi Zohar
2018-01-29 23:02 ` Theodore Ts'o
2018-01-30 23:25 ` Mimi Zohar
2018-01-31 16:05 ` Theodore Ts'o
2018-01-31 17:12 ` James Bottomley
2018-01-31 18:46 ` Theodore Ts'o
2018-01-31 20:41 ` James Bottomley
2018-02-01 0:03 ` Theodore Ts'o
2018-02-01 23:04 ` Dave Chinner
2018-02-01 23:43 ` Andreas Dilger
2018-02-02 0:13 ` Dave Chinner
2018-02-02 5:34 ` James Bottomley
2018-02-02 2:40 ` Theodore Ts'o
2018-02-02 9:05 ` Dave Chinner
2018-01-31 20:40 ` Mimi Zohar
2018-01-31 22:00 ` Theodore Ts'o
2018-02-01 15:17 ` Mimi Zohar
2018-01-29 0:21 ` James Bottomley
2018-01-29 1:03 ` Theodore Ts'o
2018-01-29 21:21 ` Andreas Dilger
2018-01-26 18:13 ` Mimi Zohar
2018-01-29 18:54 ` Michael Halcrow
2018-01-26 7:58 ` Colin Walters
2018-01-26 15:29 ` Theodore Ts'o
2018-01-26 16:40 ` Colin Walters
2018-01-26 16:49 ` [Lsf-pc] " James Bottomley
2018-01-26 17:05 ` Colin Walters [this message]
2018-01-26 17:54 ` Mimi Zohar
2018-02-02 0:02 ` Steve French
2018-02-07 13:04 ` David Gstir
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1516986313.1023634.1249302064.27114772@webmail.messagingengine.com \
--to=walters@verbum.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=lsf-pc@lists.linux-foundation.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).