[PATCH v2 01/15] Documentation: add newcx initramfs format description

[PATCH v2 00/15] extend initramfs archive format to support xattrs · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 04/15] initramfs: remove unnecessary symlinks processing shortcut · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 05/15] initramfs: move files creation into separate state · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 08/15] initramfs: add newcx format · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 13/15] gen_initramfs_list.sh: add -x option to enable newcx format · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 11/15] gen_init_cpio: add newcx format · Taras Kondratiuk <hidden> · 2018-01-25
Re: [PATCH v2 11/15] gen_init_cpio: add newcx format · Rob Landley <hidden> · 2018-01-26
Re: [PATCH v2 11/15] gen_init_cpio: add newcx format · Taras Kondratiuk <hidden> · 2018-01-26
[PATCH v2 12/15] gen_init_cpio: set extended attributes for newcx format · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 09/15] initramfs: set extended attributes · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 15/15] selinux: delay sid population for rootfs till init is complete · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 10/15] gen_init_cpio: move header formatting into function · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 06/15] initramfs: separate reading cpio method from header · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 14/15] selinux: allow setxattr on rootfs so initramfs code can set them · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 01/15] Documentation: add newcx initramfs format description · Taras Kondratiuk <hidden> · 2018-01-25
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Arnd Bergmann <arnd@arndb.de> · 2018-01-25
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Taras Kondratiuk <hidden> · 2018-01-25
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Arnd Bergmann <arnd@arndb.de> · 2018-01-25
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Taras Kondratiuk <hidden> · 2018-01-25
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Rob Landley <hidden> · 2018-01-26
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Arnd Bergmann <arnd@arndb.de> · 2018-01-26
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Henrique de Moraes Holschuh <hmh@hmh.eng.br> · 2018-01-26
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Victor Kamensky <hidden> · 2018-01-26
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Henrique de Moraes Holschuh <hmh@hmh.eng.br> · 2018-01-26
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Rob Landley <hidden> · 2018-01-26
Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description · Taras Kondratiuk <hidden> · 2018-01-26
[PATCH v2 02/15] initramfs: replace states with function pointers · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 03/15] initramfs: store file name in name_buf · Taras Kondratiuk <hidden> · 2018-01-25
[PATCH v2 07/15] initramfs: split header layout information from parsing function · Taras Kondratiuk <hidden> · 2018-01-25

From: arnd@arndb.de (Arnd Bergmann)
Date: 2018-01-25 09:29:19
Also in: lkml

On Thu, Jan 25, 2018 at 4:27 AM, Taras Kondratiuk [off-list ref] wrote:

Many of the Linux security/integrity features are dependent on file
metadata, stored as extended attributes (xattrs), for making decisions.
These features need to be initialized during initcall and enabled as
early as possible for complete security coverage.

Initramfs (tmpfs) supports xattrs, but newc CPIO archive format does not
support including them into the archive.

This patch describes "extended" newc format (newcx) that is based on
newc and has following changes:
- extended attributes support
- increased size of filesize to support files >4GB.
- increased mtime field size to have usec precision and more than
  32-bit of seconds.
- removed unused checksum field.

Signed-off-by: Taras Kondratiuk <redacted>
Signed-off-by: Mimi Zohar <redacted>
Signed-off-by: Victor Kamensky <redacted>

Ah nice, I like the extension of the time handling, that certainly
addresses one of the issues with y2038 that we have previously
hacked around in an ugly way (interpreting the 32-bit
number as unsigned).

However, if this is to become a generally supported format
for cpio files, could we make it use nanosecond resolution
instead? The issue that I see with microseconds is that
storing a file in an archive and extracting it again would
otherwise keep the mtime stamp /almost/ identical on file
systems that have nanosecond resolution, but most of
the time a comparison would indicate that the files are
not the same.

Unfortunately, the range of a 64-bit nanoseconds counter
is still a bit limited (584 years, or half of that if we make it
signed). While this is clearly enough for the uses in
initramfs, it still has a similar problem: someone creating
a fake timestamp a long time in the past or future on
a file system would lose information after going though
cpio.

         Arnd
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help