pub fn enable_verity_maybe_copy<H: FsVerityHashValue>(
dirfd: impl AsFd,
fd: BorrowedFd<'_>,
) -> Result<Option<OwnedFd>, EnableVerityError>Expand description
Enable fs-verity on the given file. If the given file cannot be enabled because it is opened as writable, then a new copy of the file will be returned instead. No attempt is made to sync the copied file contents to disk, it is up to the caller to do so if desired.
Take special note that in the case where a copied file descriptor
is returned, the returned file is created as a tempfile and is
unlinked. Presumably the caller should take care to make this
file permanent, using a combination of linkat and renameat to
replace the original file.
This uses enable_verity_raw() and enable_verity_with_retry()
and is subject to the same restrictions.
§Arguments:
dirfd: A directory file descriptor, used to determine the placement (via O_TMPFILE) of the new file (if necessary).fd: The file decriptor to enable verity on
§Return Value:
Ok(None)is returned if verity was enabled on the original fileOk(Some(OwnedFd))is returned if a copy was made