
Yet another try for fs-verity

Posted Jun 4, 2019 3:09 UTC (Tue) by ebiggers (subscriber, #130760)
In reply to: Yet another try for fs-verity by Cyberax
Parent article: Yet another try for fs-verity

The fs-verity kernel feature only hashes the file contents, and optionally checks whether the hash is validly signed. It's up to trusted userspace code to use this as a tool to enforce a meaningful authentication policy, e.g. the application launcher can check that binaries have the fs-verity bit set before running them. This userspace code may be looking for the files in a specific location, and it can also validate whatever additional metadata it wants to.



Yet another try for fs-verity

Posted Jun 4, 2019 3:56 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)

Can it, perhaps, also have verified paths as an optional attribute? I understand that it can be done through xattrs, but it'd be nice to have both in one place.

Yet another try for fs-verity

Posted Jun 4, 2019 20:32 UTC (Tue) by ebiggers (subscriber, #130760)

Sure, but whenever dealing with "paths" in the kernel you have to worry about things like links and mount namespaces. And also paths aren't special; people could also ask for owner, uid, group, mode, ACL, LSM labels, encryption status etc. Support for including these fields in the fs-verity file measurement can be added later if needed. It's best to start with the core feature first, which we know is going to be used. Adding a lot of complex extra functionality early on is risky.
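
The launcher-side check described in the first comment, as an added example that is not part of the thread or of the fs-verity project's code: it opens the binary without following a final symlink, tests `FS_VERITY_FL` through `FS_IOC_GETFLAGS` on the open descriptor, and executes that same descriptor. `open_verified` and its return codes are hypothetical names; the flag only shows that verity is enabled, so which hashes or signatures to trust remains the launcher's policy.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* O_NOFOLLOW, O_CLOEXEC, fexecve */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/fs.h>           /* FS_IOC_GETFLAGS */
#ifndef FS_VERITY_FL
#define FS_VERITY_FL 0x00100000 /* value from linux/fs.h, kernel 5.4+ */
#endif
extern char **environ;

/* Hypothetical helper: returns an open fd only if fs-verity is enabled on
 * the file. Every other outcome denies: -1 open failed (missing, or final
 * component is a symlink), -2 not a regular file, -3 flags unreadable on
 * this filesystem, -4 regular file without fs-verity. */
int open_verified(const char *path)
{
    struct stat st;
    int flags = 0, rc;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Query the open fd, not the path: a path can be re-pointed later. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        rc = -2;
    else if (ioctl(fd, FS_IOC_GETFLAGS, &flags) != 0)
        rc = -3;
    else
        rc = (flags & FS_VERITY_FL) ? fd : -4;
    if (rc < 0)
        close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc < 2 || (fd = open_verified(argv[1])) < 0) {
        fputs("refusing to run: fs-verity not enabled\n", stderr);
        return EXIT_FAILURE;
    }
    fexecve(fd, &argv[1], environ); /* execute the file that was checked */
    perror("fexecve");
    return EXIT_FAILURE;
}
```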

