From patchwork Thu Mar 28 17:50:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Darrick J. Wong" X-Patchwork-Id: 10875591 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8F5CA139A for ; Thu, 28 Mar 2019 17:50:42 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6ECB328E89 for ; Thu, 28 Mar 2019 17:50:42 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6A01128F01; Thu, 28 Mar 2019 17:50:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, SUSPICIOUS_RECIPS,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1C36C28E89 for ; Thu, 28 Mar 2019 17:50:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727502AbfC1Rul (ORCPT ); Thu, 28 Mar 2019 13:50:41 -0400 Received: from userp2130.oracle.com ([156.151.31.86]:48614 "EHLO userp2130.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726171AbfC1Ruk (ORCPT ); Thu, 28 Mar 2019 13:50:40 -0400 Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x2SHnV1r045442; Thu, 28 Mar 2019 17:50:38 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=subject : from : to : cc : date : message-id : mime-version : content-type : content-transfer-encoding; s=corp-2018-07-02; bh=UNp5UajRP0TYe7MVFZc545v0F1Jrs14oVb6FcV8yLDg=; b=g5Us3M5uwvfiVcmGVSth4oChqwEma8n39onuAXCr6Vj9gVoxLraLA5s6xmqwsYgw2mI7 L1AA+eZXd9vnCgY2wUNwBGumDR0HhKy+qshBCXW2HzrFeUQpCsmvkzFkVyAUlV/2SbjF FDIHz25JWp8a8hl/pL2ZLN/dkVRVk0XqpAfxmONiwCj8TXVveJJJvd/kc+VDg5g9iwsi bKwqWg91hMrOQpHbgjrlf2jvziHLiYqW1Q6CcREwIFxJSy0di6L2nDyUjtv3ta9pFpa+ UKJL9zv87JURDjpZwfLwgmIA5nAYHqwSY29Ct8GRM1kIscwIj/FSCs2Q44pfi+W7RAaf +g== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by userp2130.oracle.com with ESMTP id 2re6g1g6nb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 28 Mar 2019 17:50:38 +0000 Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id x2SHoaSQ029430 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 28 Mar 2019 17:50:37 GMT Received: from abhmp0015.oracle.com (abhmp0015.oracle.com [141.146.116.21]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x2SHoZDr009350; Thu, 28 Mar 2019 17:50:35 GMT Received: from localhost (/10.159.234.216) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 28 Mar 2019 10:50:35 -0700 Subject: [PATCH 0/3] vfs: make immutable files actually immutable From: "Darrick J. Wong" To: darrick.wong@oracle.com Cc: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-ext4@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-mm@kvack.org Date: Thu, 28 Mar 2019 10:50:34 -0700 Message-ID: <155379543409.24796.5783716624820175068.stgit@magnolia> User-Agent: StGit/0.17.1-dirty MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9209 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=554 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903280117 Sender: linux-btrfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-btrfs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hi all, The chattr(1) manpage has this to say about the immutable bit that system administrators can set on files: "A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode." Given the clause about how the file 'cannot be modified', it is surprising that programs holding writable file descriptors can continue to write to and truncate files after the immutable flag has been set, but they cannot call other things such as utimes, fallocate, unlink, link, setxattr, or reflink. Since the immutable flag is only settable by administrators, resolve this inconsistent behavior in favor of the documented behavior -- once the flag is set, the file cannot be modified, period. This has been lightly tested with fstests. Enjoy! Comments and questions are, as always, welcome. --D