[PATCH 0/6] File Sealing & memfd_create()
Alex Elsayed
eternaleye at gmail.com
Thu Apr 10 23:09:46 PDT 2014
Colin Walters wrote:
> On Thu, Apr 10, 2014 at 3:15 PM, Andy Lutomirski <luto at amacapital.net>
> wrote:
>>
>>
>> COW links can do this already, I think. Of course, you'll have to use a
>> filesystem that supports them.
>
> COW is nice if the filesystem supports them, but my userspace code
> needs to be filesystem agnostic. Because of that, the design for
> userspace simply doesn't allow arbitrary writes.
>
> Instead, I have to painfully audit every rpm %post/dpkg postinst type
> script to ensure they break hardlinks, and furthermore only allow
> executing scripts that are known to do so.
>
> But I think even in a btrfs world it'd still be useful to mark files as
> content-immutable.

If you create each tree as a subvolume and when it's complete put it in
place with btrfs subvolume snapshot -r FOO_inprogress /ostree/repo/FOO,
you get exactly that.

You can even use the new(ish) btrfs out-of-band dedup functionality to
deduplicate read-only snapshots safely.