lib: Add lcfs_fd_measure_fsverity#394
Merged
cgwalters merged 5 commits intocomposefs:mainfrom Nov 19, 2024
Merged
Conversation
cgwalters
force-pushed
the
add-fd-require-verity
branch
from
1b3e9fc to
0c39a47
Compare
cgwalters
force-pushed
the
add-fd-require-verity
branch
from
0c39a47 to
955a594
Compare
cgwalters
changed the title
Contributor
Author
But only on s390x?? Hmm... |
Contributor
Author
|
Hummm I would bet money this is something like the run-on-arch action using qemu's userspace emulation which probably doesn't implement the ioctl so we're getting ENOSYS |
cgwalters
force-pushed
the
add-fd-require-verity
branch
2 times, most recently
from
272536b to
154ec89
Compare
Contributor
Author
|
OK, this passes CI now. |
Our history with fsverity APIs is a bit messy. For now historical reasons lcfs_fd_get_fsverity tries to query the kernel (via ioctl) but will silently fall back to userspace computation - which is sometimes desirable, other times not. We also have lcfs_fd_compute_fsverity which is unconditionally userspace. However some cases actually really want to require the fd to have fsverity - so add an API to do that. Signed-off-by: Colin Walters <walters@verbum.org>
This is what we do elsewhere. Signed-off-by: Colin Walters <walters@verbum.org>
This is ensuring we have our fsverity ioctl parsing code in one place. Signed-off-by: Colin Walters <walters@verbum.org>
We may get ENOSYS from qemu userspace emulation not implementing the ioctl. Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
force-pushed
the
add-fd-require-verity
branch
from
154ec89 to
d771778
Compare
smcv
reviewed
Nov 15, 2024
Adapted from an equivalent patch by Simon for ostree: ostreedev/ostree@67ed2ac Reported-by: Simon McVittie <smcv@debian.org> Signed-off-by: Colin Walters <walters@verbum.org>
jluebbe
approved these changes
Nov 19, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
lib: Add lcfs_fd_measure_fsverity
Our history with fsverity APIs is a bit messy. For now historical
reasons lcfs_fd_get_fsverity tries to query the kernel (via ioctl)
but will silently fall back to userspace computation - which
is sometimes desirable, other times not.
We also have lcfs_fd_compute_fsverity which is unconditionally
userspace.
However some cases actually really want to require the
fd to have fsverity - so add an API to do that.
Signed-off-by: Colin Walters walters@verbum.org
writer: Canonicalize no-verity errno to -ENOVERITY
This is what we do elsewhere.
Signed-off-by: Colin Walters walters@verbum.org
lib/mount: Use lcfs_fd_measure_fsverity
This is ensuring we have our fsverity ioctl parsing code in
one place.
Signed-off-by: Colin Walters walters@verbum.org
rust: Bind lcfs_fd_measure_fsverity
This is a reasonable thing to want to do.
Signed-off-by: Colin Walters walters@verbum.org