From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 31 Mar 2025 16:14:33 +0000 (+0900)
Subject: introduce systemd-validatefs@.service that ensures file systems can only be used... 
X-Git-Tag: v258-rc1~983
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=30252c0ca41d1e18199c54bb13473de1c9ab34cb;p=thirdparty%2Fsystemd.git

introduce systemd-validatefs@.service that ensures file systems can only be used in the way they were intended (#36714)

If we have multiple trusted fs (i.e. luks or dm-verity) we generate via
repart at boot, we must make sure they cannot be "misappropriated", i.e.
used for a different mount they were intended for.

Hence, let's introduce "mount constraint" data (encoded in xattrs on the
root inode of the fs) that tells us where a file system has to be
mounted, and what the gpt partition metadata has to be for the fs to be
valid.

Inspired by this thread:
https://lists.freedesktop.org/archives/systemd-devel/2025-March/051244.html
---

30252c0ca41d1e18199c54bb13473de1c9ab34cb