Re: udf: Prevent write-unsupported filesystem to be remounted read-write
From: Jan Kara
Date: Tue Jan 15 2019 - 06:15:44 EST
On Tue 15-01-19 11:50:41, Pali Rohár wrote:
> On Tuesday 15 January 2019 10:45:55 Jan Kara wrote:
> > On Tue 15-01-19 09:48:32, Pali Rohár wrote:
> > > On Tuesday 15 January 2019 09:41:19 Jan Kara wrote:
> > > > On Tue 15-01-19 09:31:11, Pali Rohár wrote:
> > > > > On Monday 14 January 2019 19:07:35 Michael Sabolish wrote:
> > > > > > I can try and make a pull-request for udftune, and I can just copy the API for tune2fs. It would work something like:
> > > > > >
> > > > > > udftune -O read-only device (to set read-only access type)
> > > > > >
> > > > > > or:
> > > > > >
> > > > > > udftune -O ^read-only device (to clear read-only access type (aka set rw))
> > > > >
> > > > > This API is ambiguous. What does it mean for ^read-only? In UDF you have
> > > > > following access types: overwritable, rewritable, writeonce, readonly,
> > > > > pseudo-overwritable, unknown.
> > > > >
> > > > > So you would need to know to which R/W access type to switch
> > > > > (overwritable, rewritable, writeonce or pseudo-overwritable).
> > > > >
> > > > > With information of media type, you could be able to guess correct
> > > > > access type. But for UDF images stored in VFS there is no media
> > > > > information. Also you can have uncommon setup, e.g. usage of CD-R
> > > > > writeonce setup on CD-R/W disc. So "autodetection" of media type would
> > > > > not work always correctly.
> > > > >
> > > > > So I think that it would be better to have following API:
> > > > >
> > > > > udftune --access-type=<new_access_type>
> > > > >
> > > > > or
> > > > >
> > > > > udftune --change-access-type=<new_access_type>
> > > > >
> > > > > I understand that you would like to have similar API as tune2fs, but UDF
> > > > > settings are too different from ext*.
> > > >
> > > > If you wanted to follow tune2fs interface, you can have e.g.:
> > >
> > > Question is if it is a good idea to follow this interface.
> >
> > Agreed. I'll leave that decision up to you as a maintainer :)
> >
> > > > udftune -E access-type=<foo>
> > > >
> > > > Another question about the feature is - the access type is actually per
> > > > partition and there can be multiple partitions on UDF media. So I think we
> > > > need to specify the partition number in the command and <foo> has to
> > > > actually be something like <partition number>,<access_type>.
> > >
> > > Access type is stored in partition descriptor and in UDF (as opposite of
> > > ECMA-167) you can have only one partition descriptor. IIRC there is some
> > > exception when you have two partition descriptors, but then one have to be
> > > readonly and second virtual.
> >
> > Ah, right, I forgot that UDF standard limits how partitions can be set up.
> > However I don't see anything that would limit number of "type 1" maps? I've
> > only found in 2.2.4.7 that "Partition Maps shall be limited to Partition
> > Map type 1, except type 2 maps ...". In which I'm not sure whether this is
> > meant to imply there is only one 'type 1' partition map or whether there
> > can be more of them.
>
> That is interesting question... I just found following:
>
> In section "2. Basic Restrictions & Requirements" there is information
> about "Partition Descriptor":
>
> A Partition Descriptor Access Type of read-only, rewritable,
> overwritable, write-once and pseudo-overwritable shall be supported.
> There shall be exactly one prevailing Partition Descriptor recorded per
> volume, with one exception. For Volume Sets that consist of single
> volume, the volume may contain 2 non-overlapping Partitions with 2
> prevailing Partition Descriptors only if one has an Access Type of
> read-only and the other has an Access Type of rewritable, overwritable,
> or write-once. The Logical Volume for this volume would consist of the
> contents of both partitions.
>
> But again it does not answer to your question.
Well, it does at least for the purposes of our discussion. Because even if
you would have more than one partition map, you would still have only one
partition descriptor and the access type is specified in the partition
descriptor, not in the partition map. So the above paragraph basically says
that we can set access type arbitrarily only if there is exactly one
partition descriptor. If there are two, we can switch partition only
between overwritable, write-once, pseudo-overwrite but I don't think that's
really useful. Thanks for enlightening me :).
Honza
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR