41fc9dfabd
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-10/-/merge_requests/1012 JIRA: https://issues.redhat.com/browse/RHEL-82858 ovl: don't require "metacopy=on" for "verity" This allows the "verity" mount option to be used with "userxattr" data-only layer(s). Also it allows dropping the "metacopy=on" option when the "datadir+" option is to be used. This cleanly separates the two features that have been lumped together under "metacopy=on": - data-redirect: data access is redirected to the data-only layer - meta-copy: copy up metadata only if possible Previous patches made sure that with "userxattr" metacopy only works in the lower -> data scenario. In this scenario the lower (metadata) layer must be secured against tampering, in which case the verity checksums contained in this layer can ensure integrity of data even in the case of an untrusted data layer. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Approved-by: Carlos Maiolino <cmaiolino@redhat.com> Approved-by: David Howells <dhowells@redhat.com> Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> Merged-by: Julio Faracco <jfaracco@redhat.com> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| copy_up.c | ||
| dir.c | ||
| export.c | ||
| file.c | ||
| inode.c | ||
| namei.c | ||
| overlayfs.h | ||
| ovl_entry.h | ||
| params.c | ||
| params.h | ||
| readdir.c | ||
| super.c | ||
| util.c | ||
| xattrs.c | ||