On Fri, Jun 10, 2011 at 07:56:42PM +0200, Emmanuel Dreyfus wrote:
> Thor Lancelot Simon <t...@panix.com> wrote:
>
> > I don't really understand. Modifying the attribute backing stores is
> > subject to the same constraints as any other metadata write -- isn't it?
>
> The point is that you rarely modify the files needed for booting to
> single user mode, and therefore they are not likely to have any problem.
> On the other hand, adding an attribute grows the attribute backing
> store, so I imagine it is much more sensible to corruption.

This doesn't make sense to me. Why would one modify the other metadata needed for booting to single user mode any more or less than the relevant attributes?

If what you're saying is that the attribute store writes are not treated with the same integrity guarantees as other metadata writes, and, worse, that the data structures they're stored in are not designed to be robust against corruption at least such that the system does not crash if it encounters, let's say, a truncated attribute store -- that sounds to me like such a severe design and implementation bug that this feature should be removed from the source tree.

Is FreeBSD's FFSv2 attribute code similarly fragile? A lot of people seem to be using it. Maybe it would be a better path forward for us.

Thor