On Sun, Oct 1, 2017 at 3:34 PM, Dave Chinner <[email protected]> wrote:
>
> We already have a change counter on the inode, which is modified on
> any data or metadata write (i_version) under filesystem locks. The
> i_version counter has well defined semantics - it's required by
> NFSv4 to increment on any metadata or data change - so we should be
> able to rely on it's behaviour to implement IMA as well.
I actually think i_version has exactly the wrong semantics.
Afaik, it doesn't actually version the file _data_ at all, it only
versions "inode itself changed".
But I might have missed something obvious. The updates are hidden in
some odd places sometimes.
Linus
