Re: [PATCH 3/5] ovl: make redirect/metacopy rejection consistent

[Giuseppe Scrivano <gscrivan@redhat.com>]

Miklos Szeredi <miklos@szeredi.hu> writes:

> On Thu, 20 Feb 2025 at 10:54, Giuseppe Scrivano <gscrivan@redhat.com> wrote:
>>
>> Miklos Szeredi <miklos@szeredi.hu> writes:
>>
>> > On Tue, 11 Feb 2025 at 16:52, Amir Goldstein <amir73il@gmail.com> wrote:
>
>> >> The short version - for lazy data lookup we store the lowerdata
>> >> redirect absolute path in the ovl entry stack, but we do not store
>> >> the verity digest, we just store OVL_HAS_DIGEST inode flag if there
>> >> is a digest in metacopy xattr.
>> >>
>> >> If we store the digest from lookup time in ovl entry stack, your changes
>> >> may be easier.
>> >
>> > Sorry, I can't wrap my head around this issue.  Cc-ing Giuseppe.
>
> Giuseppe, can you describe what should happen when verity is enabled
> and a file on a composefs setup is copied up?

we don't care much about this case since the composefs metadata is in
the EROFS file system.  Once copied up it is fine to discard this
information.  Adding Alex to the discussion as he might have a different
opinion/use case in mind.

>> >> Right. So I guess we only need to disallow uppermetacopy from
>> >> index when metacoy=off.
>>
>> is that be safe from a user namespace?
>
> You mean disallowing uppermetacopy?  It's obviously safer than allowing it, no?

sorry I read th "only need" as "loosening the conditions when
uppermetacopy is allowed"; so I was asking if there are cases when
uppermetacopy is considered safe in a user namespace (if there are any).
If that is not the case, please ignore my question.