whyno filesystem flags check
layer 2: checks filesystem flags — immutable and append-only attributes
components
- process check_fs_flags(state)
checks filesystem flags: immutable and append-only attributes
ioctlfs/namei.c - decision resolve target component
determines which path component in the walk is the check target
- degraded degraded
walk array too short to identify the target path component
- decision flags probed?
checks if filesystem flags were successfully read via ioctl
- degraded degraded: can't read flags
ioctl for flags returned unknown or inaccessible
- decision operation type?
branches on the requested operation — flags block writes and metadata ops, not reads
- pass pass: flags don't restrict
read, stat, and execute are never blocked by filesystem flags
- decision immutable?
checks the immutable flag (chattr +i) on the target file
- fail fail: chattr +i
write blocked because the target has the immutable attribute
- decision append_only?
checks the append-only flag (chattr +a) on the target file
- fail fail: chattr +a
write blocked because the target has the append-only attribute
- pass pass
no filesystem flags block this write operation
- decision immutable?
checks the immutable flag on the parent directory
- fail fail: parent has chattr +i
delete or create blocked because the parent directory is immutable
- decision delete and append_only?
append-only on parent blocks deletion but allows creation
- fail fail: parent has chattr +a
deletion blocked because the parent directory has append-only set
- pass pass
no filesystem flags on the parent block this operation