linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 01:51:18 +00:00

History

Eric Biggers 672d6ef4c7 fsverity: improve documentation for builtin signature support fsverity builtin signatures (CONFIG_FS_VERITY_BUILTIN_SIGNATURES) aren't the only way to do signatures with fsverity, and they have some major limitations. Yet, more users have tried to use them, e.g. recently by https://github.com/ostreedev/ostree/pull/2640. In most cases this seems to be because users aren't sufficiently familiar with the limitations of this feature and what the alternatives are. Therefore, make some updates to the documentation to try to clarify the properties of this feature and nudge users in the right direction. Note that the Integrity Policy Enforcement (IPE) LSM, which is not yet upstream, is planned to use the builtin signatures. (This differs from IMA, which uses its own signature mechanism.) For that reason, my earlier patch "fsverity: mark builtin signatures as deprecated" (https://lore.kernel.org/r/20221208033548.122704-1-ebiggers@kernel.org), which marked builtin signatures as "deprecated", was controversial. This patch therefore stops short of marking the feature as deprecated. I've also revised the language to focus on better explaining the feature and what its alternatives are. Link: https://lore.kernel.org/r/20230620041937.5809-1-ebiggers@kernel.org Reviewed-by: Colin Walters <walters@verbum.org> Reviewed-by: Luca Boccassi <bluca@debian.org> Signed-off-by: Eric Biggers <ebiggers@google.com>		2023-06-20 22:47:55 -07:00
..
caching	Remove duplicate words inside documentation	2022-09-27 13:21:43 -06:00
cifs	ksmbd: update documentation	2022-10-05 01:15:38 -05:00
ext4	docs: ext4: modify the group desc size to 64	2023-03-07 20:24:05 -05:00
nfs	Documentation: Fix sysfs path for the NFSv4 client identifier	2023-02-15 11:01:03 -05:00
spufs	Documentation: spufs: correct a duplicate word typo	2022-09-27 13:21:44 -06:00
9p.rst	fs/9p: Rework cache modes and add new options to Documentation	2023-04-09 21:41:21 +00:00
adfs.rst
affs.rst
afs.rst	AFS: Documentation: fix a few typos in afs.rst	2021-01-21 14:06:00 -07:00
api-summary.rst	block: move fs/block_dev.c to block/bdev.c	2021-09-07 08:39:40 -06:00
autofs-mount-control.rst
autofs.rst	docs: filesystems: Fix grammatical error "with" to "which"	2021-11-15 02:54:37 -07:00
automount-support.rst
befs.rst
bfs.rst
btrfs.rst	Documentation: update btrfs list of features and link to readthedocs.io	2022-06-21 14:47:19 +02:00
ceph.rst	ceph: remove Sage's git tree from documentation	2022-10-04 19:18:08 +02:00
coda.rst
configfs.rst	configfs: remove mentions of committable items	2022-12-02 11:11:27 +01:00
cramfs.rst
dax.rst	Documentation/filesystem/dax: update DAX description on erofs	2022-03-16 09:38:38 +08:00
debugfs.rst	debugfs: small Documentation cleaning	2022-11-09 13:58:55 -07:00
devpts.rst
directory-locking.rst
dlmfs.rst
dnotify.rst
ecryptfs.rst
efivarfs.rst
erofs.rst	erofs: set block size to the on-disk block size	2023-04-17 01:15:45 +08:00
ext2.rst	ext2: remove nobh support	2022-08-02 12:34:04 -04:00
ext3.rst
f2fs.rst	docs: f2fs: Correct instruction to disable checkpoint	2023-04-12 20:00:36 -07:00
fiemap.rst
files.rst
fscrypt.rst	fscrypt: support decrypting data from large folios	2023-01-28 15:10:12 -08:00
fsverity.rst	fsverity: improve documentation for builtin signature support	2023-06-20 22:47:55 -07:00
fuse-io.rst
fuse.rst	fuse: Add module param for CAP_SYS_ADMIN access bypassing allow_other	2022-07-21 16:06:19 +02:00
gfs2-glocks.rst
gfs2-uevents.rst
gfs2.rst
hfs.rst
hfsplus.rst
hpfs.rst
idmappings.rst	Documentation: update idmappings.rst	2023-03-14 14:16:57 +01:00
index.rst	xfs: document the motivation for online fsck design	2023-04-11 18:59:45 -07:00
inotify.rst
isofs.rst
journalling.rst
locking.rst	mm: hold the RCU read lock over calls to ->map_pages	2023-04-05 19:43:00 -07:00
locks.rst	docs: fs: locks.rst: update comment about mandatory file locking	2021-10-19 06:48:21 -04:00
mount_api.rst	fs_context: drop the unused lsm_flags member	2023-03-16 14:38:28 +01:00
netfs_library.rst	netfs: do not unlock and put the folio twice	2022-07-14 10:10:12 +02:00
nilfs2.rst
ntfs.rst
ntfs3.rst	fs/ntfs3: Remove noacsrules	2023-03-27 16:59:17 +04:00
ocfs2-online-filecheck.rst
ocfs2.rst
omfs.rst
orangefs.rst
overlayfs.rst	Revert "ovl: turn of SB_POSIXACL with idmapped layers temporarily"	2022-07-15 22:10:51 +02:00
path-lookup.rst	Merge branch 'work.namei' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2021-07-03 11:41:14 -07:00
path-lookup.txt
porting.rst	fs: rename current get acl method	2022-10-20 10:13:27 +02:00
proc.rst	Mainly singleton patches all over the place. Series of note are:	2023-04-27 19:57:00 -07:00
qnx6.rst	Documentation: filesystems: correct possessive "its"	2022-09-27 13:21:44 -06:00
quota.rst
ramfs-rootfs-initramfs.rst	Documentation: Fix intiramfs script name	2021-07-18 23:48:14 +09:00
relay.rst
romfs.rst
seq_file.rst	seq_file: document how per-entry resources are managed.	2021-02-26 09:41:05 -08:00
sharedsubtree.rst
splice.rst
squashfs.rst
sysfs.rst	driver core: bus: mark the struct bus_type for sysfs callbacks as constant	2023-03-23 13:20:40 +01:00
sysv-fs.rst
tmpfs.rst	shmem: add support to ignore swap	2023-03-28 16:20:15 -07:00
ubifs-authentication.rst
ubifs.rst	Documentation: ubifs: Fix compression idiom	2022-10-10 13:01:10 -06:00
udf.rst
vfat.rst	docs: filesystems: Fix a mundane typo	2021-03-25 11:51:23 -06:00
vfs.rst	docs: filesystems: vfs: actualize struct super_operations description	2023-03-14 12:12:12 -06:00
virtiofs.rst
xfs-delayed-logging-design.rst	Documentation: filesystems: correct possessive "its"	2022-09-27 13:21:44 -06:00
xfs-online-fsck-design.rst	xfs: document future directions of online fsck	2023-04-11 18:59:52 -07:00
xfs-self-describing-metadata.rst	xfs: document the filesystem metadata checking strategy	2023-04-11 18:59:47 -07:00
zonefs.rst	documentation: zonefs: Document sysfs attributes	2022-04-26 14:53:06 +09:00